cbcvebase.
CVE-2021-3444
published 2021-03-23

CVE-2021-3444: The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.

Affected

38 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debianlinux< linux 5.10.19-1 (bookworm)linux 5.10.19-1 (bookworm)
googlechrome_chrome
linuxkernel>= 5.10 < 5.10.195.10.19
linuxkernel>= 5.11 < 5.11.25.11.2
linuxkernel>= 5.4 < 5.4.1015.4.101
linuxkernel>= trunk < 5.12-rc15.12-rc1
linuxlinux_kernel< 5.4.1015.4.101
linuxlinux_kernel>= 0 < 5.10.19-15.10.19-1
linuxlinux_kernel>= 0 < 5.10.19-15.10.19-1
linuxlinux_kernel>= 0 < 5.10.19-15.10.19-1
linuxlinux_kernel>= 0 < 5.10.19-15.10.19-1
linuxlinux_kernel>= 0 < 5.4.0-70.785.4.0-70.78
linuxlinux_kernel>= 0 < 4.4.0-203.2354.4.0-203.235
linuxlinux_kernel>= 0 < 4.15.0-136.1404.15.0-136.140
linuxlinux_kernel>= 0 < 5.4.0-70.785.4.0-70.78
linuxlinux_kernel>= 5.11 < 5.11.25.11.2
linuxlinux_kernel>= 5.5.0 < 5.10.195.10.19
msrckernel-5.10.57.1-1.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm
msrckernel-5.10.57.1-1.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64
msrckernel-debuginfo-5.10.57.1-1.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH