The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html | Third Party Advisory VDB Entry |
http://www.openwall.com/lists/oss-security/2021/03/23/2 | Mailing List Third Party Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809 | Mailing List Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210416-0006/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2021/03/23/2 | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
02 Dec 2021, 19:37
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
12 Nov 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Oct 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Apr 2021, 19:20
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210416-0006/ - Third Party Advisory |
16 Apr 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Apr 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Mar 2021, 17:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CWE | CWE-681 CWE-125 |
|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809 - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/03/23/2 - Mailing List, Third Party Advisory | |
References | (MISC) https://www.openwall.com/lists/oss-security/2021/03/23/2 - Mailing List, Third Party Advisory |
23 Mar 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Mar 2021, 18:53
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-23 18:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-3444
Mitre link : CVE-2021-3444
CVE.ORG link : CVE-2021-3444
JSON object : View
Products Affected
linux
- linux_kernel
debian
- debian_linux
canonical
- ubuntu_linux