CVE-2021-31440

CWE-68211 documents7 sources
Severity
7.0HIGH
EPSS
0.7%
top 28.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux Linux KernelLinux Kernel
Timeline
PublishedMay 21
Latest updateJun 1

Description

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

Android:linux_kernel::0:2022-06-05
NVDlinux/linux_kernel5.75.10.37+2
CVEListV5linux/kernel5.11.15
Debianlinux< 5.10.38-1+3

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

4
OSV
CVE-2021-31440: In __reg_combine_64_into_32 of verifier2022-06-01
GHSA
GHSA-c57j-pq55-rh2x: This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 52022-05-24
CVEList
CVE-2021-31440: This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 52021-05-21
OSV
CVE-2021-31440: This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 52021-05-21

📋Vendor Advisories

6
Ubuntu
Linux kernel (KVM) vulnerabilities2021-06-25
Ubuntu
Linux kernel vulnerabilities2021-06-23
Ubuntu
Linux kernel (OEM) vulnerabilities2021-06-23
Ubuntu
Linux kernel vulnerabilities2021-06-23
Red Hat
kernel: local escalation of privileges in handling of eBPF programs2021-05-21
CVE-2021-31440 (HIGH CVSS 7) | This vulnerability allows local att | cvebase.io