CVE-2021-3444

{"id": "CVE-2021-3444", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security@ubuntu.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.1}]}, "published": "2021-03-23T18:15:13.627", "references": [{"url": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@ubuntu.com"}, {"url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@ubuntu.com"}, {"url": "http://www.openwall.com/lists/oss-security/2021/03/23/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@ubuntu.com"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "security@ubuntu.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@ubuntu.com"}, {"url": "https://security.netapp.com/advisory/ntap-20210416-0006/", "tags": ["Third Party Advisory"], "source": "security@ubuntu.com"}, {"url": "https://www.openwall.com/lists/oss-security/2021/03/23/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@ubuntu.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-681"}]}, {"type": "Secondary", "source": "security@ubuntu.com", "description": [{"lang": "en", "value": "CWE-681"}]}], "descriptions": [{"lang": "en", "value": "The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 (\"bpf: Fix truncation handling for mod32 dst reg wrt zero\") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101."}, {"lang": "es", "value": "El comprobador bpf en el kernel de Linux no manej\u00f3 apropiadamente el truncamiento del registro de destino mod32 cuando se sab\u00eda que el registro de origen era 0. Un atacante local con la habilidad de cargar programas bpf podr\u00eda usar esta ganancia para lecturas fuera de l\u00edmites en la memoria del kernel que conllevan a una divulgaci\u00f3n de informaci\u00f3n (memoria del kernel) y, posiblemente, escrituras fuera de l\u00edmites que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo. Este problema se solucion\u00f3 en el kernel ascendente en el commit 9b00f1b78809 (\"bpf: Fix truncation handling for mod32 dst reg wrt zero\") y en los kernels estables de Linux versiones 5.11.2, 5.10.19 y 5.4.101"}], "lastModified": "2021-12-02T19:37:08.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36030D2B-5E11-4302-B7B5-DA19CBB32FF1", "versionEndExcluding": "5.4.101"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BBBC05B-CC76-44E3-976E-E99B2C36EC8C", "versionEndExcluding": "5.10.19", "versionStartIncluding": "5.5.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30C037BA-454E-4E10-A31F-E7DDBE066599", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"}], "operator": "OR"}]}], "sourceIdentifier": "security@ubuntu.com"}