CVE-2021-3444

Advisory lineage Upstream: 0 Downstream: 29

Downstream

DEBIAN-CVE-2021-3444 DLA-2785-1 LSN-0082-1 OPENSUSE-SU-2021:0532-1 OPENSUSE-SU-2021:0758-1 OPENSUSE-SU-2021:1975-1

Modified

Published: 23 Mar 2021, 17:45

Last modified:16 Sept 2024, 17:27

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (cve.org)

EPSS Score

0.03% LOW

0% probability -0.05%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

23 Mar 2021, 17:45

Published

Vulnerability first disclosed

16 Sept 2024, 17:27

Last Modified

Vulnerability information updated

Description

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
v2.0•MEDIUM•Score: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.03%• Percentile: 9%

Techniques & Countermeasures

CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-681•Incorrect Conversion between Numeric Types
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Affected Systems

canonical•ubuntu_linux
14.04 | 16.04 | 18.04 | 20.04
debian•debian_linux
9.0
Unknown•Kernel
≥ trunk, < 5.12-rc1 | ≥ 5.11, < 5.11.2 | ≥ 5.10, < 5.10.19 | ≥ 5.4, < 5.4.101
linux•linux_kernel
< 5.4.101 | ≥ 5.5.0, < 5.10.19 | ≥ 5.11, < 5.11.2