CVE-2021-20268
HIGH 7.8
Description
An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE Details
CVSS v3.1 Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: LOCAL
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 3/9/2021
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
linux:linux_kernel
Weaknesses (CWE)
CWE-20, CWE-190
References
https://bugzilla.redhat.com/show_bug.cgi?id=1923816 (secalert@redhat.com)
https://lore.kernel.org/bpf/CACAyw99bEYWJCSGqfLiJ9Jp5YE1ZsZSiJxb4RFUTwbofipf0dA%40mail.gmail.com/T/#m8929643e99bea9c18ed490a7bc2591145eac6444 (secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20210409-0006/ (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1923816 (af854a3a-2127-422b-91ae-364da2661108)
https://lore.kernel.org/bpf/CACAyw99bEYWJCSGqfLiJ9Jp5YE1ZsZSiJxb4RFUTwbofipf0dA%40mail.gmail.com/T/#m8929643e99bea9c18ed490a7bc2591145eac6444 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210409-0006/ (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.