CVE-2021-3489
HIGH
Linux Kernel 5.8-5.10.37 - Out-of-Bounds Write via eBPF RINGBUF bpf_ringbuf_reserve
Description
The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and thereby achieve arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).
References (6)
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://www.openwall.com/lists/oss-security/2021/05/11/10
Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-21-590/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://ubuntu.com/security/notices/USN-4950-1
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://ubuntu.com/security/notices/USN-4949-1
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210716-0004/
Scores
CVSS v3
7.8
EPSS
0.0008
EPSS Percentile
22.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-119
CWE-787
Status
published
Products (5)
canonical/ubuntu_linux
20.04
canonical/ubuntu_linux
20.10
canonical/ubuntu_linux
21.04
linux/linux_kernel
5.13 (4 CPE variants)
linux/linux_kernel
5.8 - 5.10.37
Published
Jun 04, 2021
Tracked Since
Feb 18, 2026