Published: 21/01/2022 Updated: 16/11/2022

CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 4.1 | Impact Score: 3.6 | Exploitability Score: 0.5

VMScore: 418

Vector: AV:L/AC:M/Au:N/C:N/I:C/A:N

A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. This flaw affects kernel versions before 5.16 rc2.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 5.16
linux linux kernel

Several security issues were fixed in the Linux kernel ...

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver) (CVE-2020-27820) A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was ...

When a map is read-only for the ebpf program and is frozen, the ebpf verifier will directly take the value from the map and directly use the value to participate in the verification of the ebpf verifier After the ebpf program passes the verification of the verifier, and then uses the race condition bug to modify the frozen map content, all the ass ...

CWE-367 https://bugzilla.redhat.com/show_bug.cgi?id=2025645 https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=353050be4c19e102178ccc05988101887c25ae53 https://nvd.nist.gov https://ubuntu.com/security/notices/USN-5278-1

CVE-2021-4001

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect