PT-2021-2376 · Linux+4 · Linux Kernel+4
Pedro Sampaio · Published 2021-01-20 · Updated 2023-06-30 · CVE-2021-20268
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Integer Overflow
RCE
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Linux Kernel
Suse
Ubuntu