PT-2021-2612 · Linux+1 · Linux Kernel+1

Syzbot · Published 2021-03-08 · Updated 2023-05-17 · CVE-2021-29648

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.11.11

Description

An issue in the Linux kernel's BPF subsystem can cause a system crash due to improper handling of the intentionally uninitialized variables resolved_ids and resolved_sizes in the vmlinux BPF Type Format (BTF). This can occur upon an unexpected access attempt in functions such as map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c. The issue is related to authentication procedure shortcomings.

Recommendations

For Linux kernel versions prior to 5.11.11, update to version 5.11.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the BPF subsystem to minimize the risk of exploitation.

Fix

Improper Restriction of Excessive Authentication Attempts

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1582
ALT-PU-2021-1609
ALT-PU-2021-1869
ALT-PU-2021-1888
ALT-PU-2021-1896
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
AZL-6551
BDU:2021-02102
CVE-2021-29648

Affected Products

Alt Linux
Linux Kernel