CVE-2021-34866

Related Vulnerabilities: CVE-2021-34866  

Description

A vulnerability was found in the Linux kernel, where a type confusion problem in check_map_func_compatibility() may lead to the freeing of arbitrary kernel memory.

Mitigation

By default, the Red Hat Enterprise Linux kernel prevents unprivileged users from using eBPF through the kernel.unprivileged_bpf_disabled sysctl. Abusing this flaw would therefore require a privileged user (root or a user with CAP_SYS_ADMIN), which reduces its attack space.

On Red Hat Enterprise Linux 7, eBPF is always disabled for unprivileged users.
On Red Hat Enterprise Linux 8, confirm the current state by inspecting the sysctl with the command:

# cat /proc/sys/kernel/unprivileged_bpf_disabled

A setting of 1 means that unprivileged users cannot use eBPF, which mitigates the flaw.

A kernel update is required to mitigate the flaw for root or for users with the CAP_SYS_ADMIN capability.
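The check above can be scripted for auditing several hosts. The following shell functions are an added example, not part of the original advisory: the function names and state labels are this example's own, the meanings of the values 0 and 2 come from the upstream kernel sysctl documentation rather than from this page, and the persisted-value lookup assumes a single sysctl.d directory.

```shell
#!/bin/sh
# Added example: audit the kernel.unprivileged_bpf_disabled sysctl.
# Paths are parameters so the functions can be run against constructed files.

# Classify the runtime value. Per the kernel sysctl documentation:
#   0 = unprivileged bpf() allowed, 1 = disabled and locked until reboot,
#   2 = disabled, but an administrator can still change it.
bpf_unpriv_state() {
    f="${1:-/proc/sys/kernel/unprivileged_bpf_disabled}"
    [ -r "$f" ] || { echo "absent"; return 0; }   # sysctl not readable here
    case "$(tr -d '[:space:]' < "$f")" in
        0) echo "exposed" ;;
        1) echo "locked" ;;
        2) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# Print the last value assigned to the key in DIR/*.conf (lexical order),
# or "unset". Assumption: only one directory is inspected; the real
# sysctl.d search path spans several directories with their own precedence.
bpf_unpriv_persisted() {
    dir="${1:-/etc/sysctl.d}"
    val="unset"
    for c in "$dir"/*.conf; do
        [ -r "$c" ] || continue
        v=$(sed -n 's/^[[:space:]]*kernel\.unprivileged_bpf_disabled[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$c" | tail -n 1)
        if [ -n "$v" ]; then val="$v"; fi
    done
    echo "$val"
}

# Report both values. Exit status is 0 only when the runtime value confirms
# that unprivileged users cannot use eBPF; "absent"/"unknown" fail closed.
bpf_unpriv_audit() {
    state=$(bpf_unpriv_state "$1")
    echo "runtime=$state persisted=$(bpf_unpriv_persisted "$2")"
    case "$state" in
        locked|disabled) return 0 ;;
        *) return 1 ;;
    esac
}
```

Calling `bpf_unpriv_audit` with no arguments inspects the live system. A runtime value that differs from the persisted one indicates a setting that will not survive a reboot unchanged.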

Additional Information

  • Bugzilla 2000457: CVE-2021-34866 kernel: eBPF verification flaw
  • CWE-697: Incorrect Comparison
  • FAQ: Frequently asked questions about CVE-2021-34866