PT-2021-7382 · Linux+5 · Linux Kernel+5

W1Tcher.Bupt

·

Published

2021-11-09

·

Updated

2023-10-04

·

CVE-2021-4001

CVSS v2.0

4.7

Medium

VectorAV:L/AC:M/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.16 rc2
Description A race condition was found in the Linux kernel's ebpf verifier between bpf map update elem and bpf map freeze due to a missing lock in kernel/bpf/syscall.c. This issue allows a local user with special privileges, such as cap sys admin or cap bpf, to modify the frozen mapped address space, potentially compromising data integrity.
Recommendations For Linux kernel versions prior to 5.16 rc2, update to version 5.16 rc2 or later to resolve the issue. As a temporary workaround, consider restricting the use of bpf map update elem and bpf map freeze functions until a patch is available. Additionally, limiting privileges to prevent local users from obtaining cap sys admin or cap bpf capabilities can help minimize the risk of exploitation.

Fix

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-367

Related Identifiers

ALT-PU-2021-3330
ALT-PU-2021-3358
ALT-PU-2021-3433
ALT-PU-2021-3434
ALT-PU-2021-3435
ALT-PU-2021-3478
ALT-PU-2021-3485
ALT-PU-2021-3527
ALT-PU-2021-3563
ALT-PU-2021-3573
ALT-PU-2021-3660
ALT-PU-2022-1117
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
ALT-PU-2023-4894
BDU:2022-05887
CVE-2021-4001
MGASA-2021-0538
MGASA-2021-0539
OPENSUSE-SU-2022:0056-1
OPENSUSE-SU-2022:0131-1
OPENSUSE-SU-2022_0056-1
OPENSUSE-SU-2022_0131-1
SUSE-SU-2022:0056-1
SUSE-SU-2022:0079-1
SUSE-SU-2022:0131-1
SUSE-SU-2022:0181-1
SUSE-SU-2022:0197-1
SUSE-SU-2022:0978-1
SUSE-SU-2022:0984-1
USN-5207-1
USN-5265-1
USN-5278-1
USN-6417-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu