CVE-2021-31440

Name of the Vulnerable Software and Affected Versions Linux Kernel version 5.11.15

Description This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the handling of eBPF programs, resulting from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of the kernel.

Recommendations For Linux Kernel version 5.11.15, consider disabling the handling of eBPF programs as a temporary workaround until a patch is available. Restrict access to the eBPF subsystem to minimize the risk of exploitation. Avoid using the CAP SYS MODULE capability in containers to prevent attackers from loading arbitrary kernel modules. Implement seccomp to restrict system calls and reduce the attack surface.