CVE-2021-3444
Vulnerability from cvelistv5
Published
2021-03-23 17:45
Modified
2024-09-16 17:27
Severity ?
EPSS score ?
Summary
Linux kernel bpf verifier incorrect mod32 truncation
References
▼ | URL | Tags | |
---|---|---|---|
security@ubuntu.com | http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html | Third Party Advisory, VDB Entry | |
security@ubuntu.com | http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html | Third Party Advisory, VDB Entry | |
security@ubuntu.com | http://www.openwall.com/lists/oss-security/2021/03/23/2 | Mailing List, Third Party Advisory | |
security@ubuntu.com | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809 | Mailing List, Patch, Vendor Advisory | |
security@ubuntu.com | https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | Mailing List, Third Party Advisory | |
security@ubuntu.com | https://security.netapp.com/advisory/ntap-20210416-0006/ | Third Party Advisory | |
security@ubuntu.com | https://www.openwall.com/lists/oss-security/2021/03/23/2 | Mailing List, Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2021/03/23/2" }, { "name": "[oss-security] 20210323 [CVE-2021-3444] Linux kernel bpf verifier incorrect mod32 truncation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/03/23/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210416-0006/" }, { "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "Linux", "versions": [ { "lessThan": "5.12-rc1", "status": "affected", "version": "trunk", "versionType": "custom" }, { "lessThan": "5.11.2", "status": "affected", "version": "5.11", "versionType": "custom" }, { "lessThan": "5.10.19", "status": "affected", "version": "5.10", "versionType": "custom" }, { "lessThan": "5.4.101", "status": "affected", "version": "5.4", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "De4dCr0w of 360 Alpha Lab" } ], "datePublic": "2021-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 (\"bpf: Fix truncation handling for mod32 dst reg wrt zero\") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-681", "description": "CWE-681: Incorrect Conversion between Numeric Types", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-12T18:06:17", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2021/03/23/2" }, { "name": "[oss-security] 20210323 [CVE-2021-3444] Linux kernel bpf verifier incorrect mod32 truncation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/03/23/2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210416-0006/" }, { "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html" } ], "solutions": [ { "lang": "en", "value": "Apply or update to a kernel that contains the commit 9b00f1b78809 (\"bpf: Fix truncation handling for mod32 dst reg wrt zero\")." } ], "source": { "discovery": "EXTERNAL" }, "title": "Linux kernel bpf verifier incorrect mod32 truncation", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2021-03-23T00:00:00.000Z", "ID": "CVE-2021-3444", "STATE": "PUBLIC", "TITLE": "Linux kernel bpf verifier incorrect mod32 truncation" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "kernel", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "trunk", "version_value": "5.12-rc1" }, { "version_affected": "\u003c", "version_name": "5.11", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.10", "version_value": "5.10.19" }, { "version_affected": "\u003c", "version_name": "5.4", "version_value": "5.4.101" } ] } } ] }, "vendor_name": "Linux" } ] } }, "credit": [ { "lang": "eng", "value": "De4dCr0w of 360 Alpha Lab" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 (\"bpf: Fix truncation handling for mod32 dst reg wrt zero\") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-681: Incorrect Conversion between Numeric Types" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809" }, { "name": "https://www.openwall.com/lists/oss-security/2021/03/23/2", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2021/03/23/2" }, { "name": "[oss-security] 20210323 [CVE-2021-3444] Linux kernel bpf verifier incorrect mod32 truncation", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/03/23/2" }, { "name": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210416-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210416-0006/" }, { "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html" }, { "name": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html" } ] }, "solution": [ { "lang": "en", "value": "Apply or update to a kernel that contains the commit 9b00f1b78809 (\"bpf: Fix truncation handling for mod32 dst reg wrt zero\")." } ], "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2021-3444", "datePublished": "2021-03-23T17:45:13.714724Z", "dateReserved": "2021-03-16T00:00:00", "dateUpdated": "2024-09-16T17:27:58.788Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-3444\",\"sourceIdentifier\":\"security@ubuntu.com\",\"published\":\"2021-03-23T18:15:13.627\",\"lastModified\":\"2021-12-02T19:37:08.323\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 (\\\"bpf: Fix truncation handling for mod32 dst reg wrt zero\\\") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.\"},{\"lang\":\"es\",\"value\":\"El comprobador bpf en el kernel de Linux no manej\u00f3 apropiadamente el truncamiento del registro de destino mod32 cuando se sab\u00eda que el registro de origen era 0. Un atacante local con la habilidad de cargar programas bpf podr\u00eda usar esta ganancia para lecturas fuera de l\u00edmites en la memoria del kernel que conllevan a una divulgaci\u00f3n de informaci\u00f3n (memoria del kernel) y, posiblemente, escrituras fuera de l\u00edmites que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo.\u0026#xa0;Este problema se solucion\u00f3 en el kernel ascendente en el commit 9b00f1b78809 (\\\"bpf: Fix truncation handling for mod32 dst reg wrt zero\\\") y en los kernels estables de Linux versiones 5.11.2, 5.10.19 y 5.4.101\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"security@ubuntu.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.1,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.6},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-681\"}]},{\"source\":\"security@ubuntu.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-681\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.4.101\",\"matchCriteriaId\":\"36030D2B-5E11-4302-B7B5-DA19CBB32FF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5.0\",\"versionEndExcluding\":\"5.10.19\",\"matchCriteriaId\":\"9BBBC05B-CC76-44E3-976E-E99B2C36EC8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.11.2\",\"matchCriteriaId\":\"30C037BA-454E-4E10-A31F-E7DDBE066599\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"902B8056-9E37-443B-8905-8AA93E2447FB\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/03/23/2\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210416-0006/\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2021/03/23/2\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.