CVE-2021-34866

CWE-843CWE-6977 documents6 sources
Severity
7.8HIGH
EPSS
0.1%
top 67.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux Linux KernelLinux Kernel
Timeline
PublishedJan 25
Latest updateApr 1

Description

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escala

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

Android:linux_kernel::0:2022-04-05
NVDlinux/linux_kernel5.85.10.62+1
CVEListV5linux/kernel5.14-rc3
Debianlinux< 5.10.70-1+3

🔴Vulnerability Details

4
OSV
CVE-2021-34866: In check_map_func_compatibility of verifier2022-04-01
GHSA
GHSA-mrjq-f7fw-fmg2: This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 52022-01-26
OSV
CVE-2021-34866: This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 52022-01-25
CVEList
CVE-2021-34866: This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 52022-01-25

📋Vendor Advisories

2
Red Hat
kernel: eBPF verification flaw2021-10-13
Debian
CVE-2021-34866: linux - This vulnerability allows local attackers to escalate privileges on affected ins...2021