UBUNTU-CVE-2021-20268

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2021-20268
Downstream
USN-4910-1
Published: 09 Mar 2021, 18:15
Last modified:04 Feb 2026, 03:03

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.8 HIGH
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

09 Mar 2021, 18:15
Published
Vulnerability first disclosed
04 Feb 2026, 03:03
Last Modified
Vulnerability information updated

Description

An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS Metrics

  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

  • ubuntulinux-aws-5.0

    all

  • ubuntulinux-aws-5.3

    all

  • ubuntulinux-azure

    all

  • ubuntulinux-azure-5.3

    all

  • ubuntulinux-azure-edge

    all

  • ubuntulinux-gcp

    all

  • ubuntulinux-gcp-5.3

    all

  • ubuntulinux-gcp-edge

    all

  • ubuntulinux-gke-4.15

    all

  • ubuntulinux-hwe

    all

  • ubuntulinux-hwe-5.8

    < 5.8.0-49.55~20.04.1

  • ubuntulinux-hwe-edge

    all | all

  • ubuntulinux-oem

    all

  • ubuntulinux-oem-5.10

    < 5.10.0-1014.15

  • ubuntulinux-oracle-5.0

    all

  • ubuntulinux-oracle-5.3

    all

  • ubuntulinux-raspi2

    all

  • ubuntulinux-riscv

    all

  • ubuntulinux-riscv-5.8

    < 5.8.0-22.24~20.04.1

References (5)