Vulnerability Name:

CVE-2021-3489 (CCN-201682)

Assigned:2021-05-11
Published:2021-05-11
Updated:2021-09-14
Summary:The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-787
CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2021-3489

Source: XF
Type: UNKNOWN
linux-kernel-cve20213489-code-exec(201682)

Source: CCN
Type: Kernel GIT Repository
bpf, ringbuf: Deny reserve of buffers larger than ringbuf

Source: MISC
Type: Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea

Source: CCN
Type: oss-sec Mailing List, Tue, 11 May 2021 14:55:49 -0300
CVE-2021-3489 - Linux kernel eBPF RINGBUF map oversized allocation

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210716-0004/

Source: UBUNTU
Type: Third Party Advisory
https://ubuntu.com/security/notices/USN-4949-1

Source: UBUNTU
Type: Third Party Advisory
https://ubuntu.com/security/notices/USN-4950-1

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] CVE-2021-3489 - Linux kernel eBPF RINGBUF map oversized allocation

Source: CCN
Type: ZDI-21-590
(Pwn2Own) Canonical Ubuntu eBPF Out-Of-Bounds Access Privilege Escalation Vulnerability

Source: MISC
Type: Third Party Advisory, VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-590/

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 5.8 and < 5.10.37)
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 5.11 and < 5.11.21)
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 5.12 and < 5.12.4)
  • OR cpe:/o:linux:linux_kernel:5.13:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:20.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::nfv:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8::realtime:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:5.8:rc1:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8029
    P
    		kernel-docs-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:8090
    P
    		reiserfs-kmp-default-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7581
    P
    		libcaca-devel-0.99.beta19.git20171003-150200.11.9.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7539
    P
    		kernel-64kb-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:723
    P
    		Security update for postgresql14 (Important)
    2022-09-01
    oval:org.opensuse.security:def:3624
    P
    		Security update for curl (Important)
    2022-07-06
    oval:org.opensuse.security:def:3567
    P
    		libXtst6-1.2.2-7.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3398
    P
    		wpa_supplicant-2.6-15.10.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3448
    P
    		busybox-1.21.1-3.3 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3453
    P
    		clamav-0.101.3-1.19 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95078
    P
    		reiserfs-kmp-default-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2960
    P
    		kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95083
    P
    		kernel-azure-5.14.21-150400.12.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94590
    P
    		kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95197
    P
    		kernel-default-extra-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95028
    P
    		kernel-docs-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:6059
    P
    		Security update for ImageMagick (Important)
    2022-05-31
    oval:org.opensuse.security:def:6060
    P
    		Security update for mailman (Important)
    2022-05-31
    oval:org.opensuse.security:def:112507
    P
    		kernel-devel-5.14.6-1.4 on GA media (Moderate)
    2022-01-17
    oval:com.redhat.rhsa:def:20214140
    P
    		RHSA-2021:4140: kernel-rt security and bug fix update (Moderate)
    2021-11-09
    oval:com.redhat.rhsa:def:20214356
    P
    		RHSA-2021:4356: kernel security, bug fix, and enhancement update (Moderate)
    2021-11-09
    oval:org.opensuse.security:def:105999
    P
    		kernel-devel-5.14.6-1.4 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:111584
    P
    		Security update for the Linux Kernel (Important)
    2021-07-11
    oval:org.opensuse.security:def:111583
    P
    		Security update for the Linux Kernel (Important)
    2021-07-11
    oval:org.opensuse.security:def:68339
    P
    		Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (Important)
    2021-06-29
    oval:org.opensuse.security:def:7250
    P
    		Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (Important)
    2021-06-29
    oval:org.opensuse.security:def:101901
    P
    		Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (Important)
    2021-06-29
    oval:org.opensuse.security:def:97146
    P
    		Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (Important)
    2021-06-29
    oval:org.opensuse.security:def:76216
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:7248
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:101899
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:97070
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:99649
    P
    		 (Important)
    2021-06-15
    oval:org.opensuse.security:def:67148
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:10679
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:101454
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:76217
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:97071
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:99962
    P
    		 (Important)
    2021-06-15
    oval:org.opensuse.security:def:67149
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:73835
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:1543
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:101780
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:68670
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:64713
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:102286
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:100297
    P
    		 (Important)
    2021-06-15
    oval:org.opensuse.security:def:67559
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:74710
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:6470
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:1764
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:101868
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:70819
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:65642
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:8384
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:4553
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:102316
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    oval:org.opensuse.security:def:100626
    P
    		 (Important)
    2021-06-15
    oval:org.opensuse.security:def:68337
    P
    		Security update for the Linux Kernel (Important)
    2021-06-15
    BACK
    linux linux kernel *
    linux linux kernel *
    linux linux kernel *
    linux linux kernel 5.13 -
    linux linux kernel 5.13 rc1
    linux linux kernel 5.13 rc2
    linux linux kernel 5.13 rc3
    canonical ubuntu linux 20.04
    canonical ubuntu linux 20.10
    canonical ubuntu linux 21.04
    linux linux kernel 5.8 rc1