PT-2021-4221 · Linux+8 · Linux Kernel+8

Ga_Ryo +1 · Published 2021-05-11 · Updated 2024-06-15 · CVE-2021-3489

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to v5.13-rc4
Linux kernel versions prior to v5.12.4
Linux kernel versions prior to v5.11.21
Linux kernel versions prior to v5.10.37

Description

The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and, therefore, arbitrary code execution. This issue allows an attacker to execute arbitrary code in the context of the kernel.

Recommendations

For Linux kernel versions prior to v5.13-rc4, update to v5.13-rc4 or later to fix the issue.
For Linux kernel versions prior to v5.12.4, update to v5.12.4 or later to fix the issue.
For Linux kernel versions prior to v5.11.21, update to v5.11.21 or later to fix the issue.
For Linux kernel versions prior to v5.10.37, update to v5.10.37 or later to fix the issue.

Fix

Buffer Overflow

Memory Corruption


Weakness Enumeration

Related Identifiers

ALSA-2021:4356
ALT-PU-2021-1805
ALT-PU-2021-1833
ALT-PU-2021-1855
ALT-PU-2021-1888
ALT-PU-2021-1896
ALT-PU-2021-1912
ALT-PU-2021-1920
ALT-PU-2021-1961
ALT-PU-2021-1985
ALT-PU-2021-1990
ALT-PU-2021-2293
ALT-PU-2021-2305
ALT-PU-2021-2307
ALT-PU-2021-3481
BDU:2021-04825
CESA-2021_4140
CESA-2021_4356
CVE-2021-3489
OPENSUSE-SU-2021:1975-1
OPENSUSE-SU-2021:1977-1
OPENSUSE-SU-2021_1975-1
OPENSUSE-SU-2021_1977-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2021:4140
RHSA-2021:4356
RHSA-2021_4140
RHSA-2021_4356
SUSE-SU-2021:1975-1
SUSE-SU-2021:1977-1
SUSE-SU-2021:2198-1
USN-4948-1
USN-4949-1
USN-4950-1
ZDI-21-590

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
SUSE
Ubuntu