Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2021-3490 | First vendor Publication | 2021-06-04 |
Vendor | Cve | Last vendor Modification | 2021-09-14 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 7.8 | ||
Base Score | 7.8 | Environmental Score | 7.8 |
Impact Sub Score | 5.9 | Temporal Score | 7.8 |
Exploitability Sub Score | 1.8 | ||
Attack Vector | Local | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out-of-bounds reads and writes in the Linux kernel and, therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1), and the XOR variant was introduced by commit 2921c90d4718 ("bpf: Fix a verifier failure with xor") (5.10-rc1).
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3490
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
50 % | CWE-125 | Out-of-bounds Read |
Metasploit Database
id | Description |
---|---|
2021-05-11 | Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE |