Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2021-3490HistoryJun 04, 2021 - 2:15 a.m.
CVE-2021-3490
2021-06-0402:15:07
Debian Security Bug Tracker
security-tracker.debian.org
53
0.002 Low
EPSS
Percentile
57.1%
The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e (“bpf: Fix alu32 const subreg bound tracking on bitwise operations”) (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 (“bpf: Verifier, do explicit ALU32 bounds tracking”) (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 (“bpf:Fix a verifier failure with xor”) ( 5.10-rc1).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | linux | < 5.10.38-1 | linux_5.10.38-1_all.deb |
| Debian | 11 | all | linux | < 5.10.38-1 | linux_5.10.38-1_all.deb |
| Debian | 10 | all | linux | < 4.19.249-2 | linux_4.19.249-2_all.deb |
| Debian | 999 | all | linux | < 5.10.38-1 | linux_5.10.38-1_all.deb |
| Debian | 13 | all | linux | < 5.10.38-1 | linux_5.10.38-1_all.deb |
Related
redhatcve
redhatcve
CVE-2021-3490
2021-05-11 20:54:11
githubexploit
githubexploit
Exploit for Out-of-bounds Read in Linux Linux Kernel
2021-06-24 18:50:17
Exploit for Out-of-bounds Read in Linux Linux Kernel
2023-04-06 03:21:11
prion
prion
Out-of-bounds
2021-06-04 02:15:00
cvelist
cvelist
CVE-2021-3490 Linux kernel eBPF bitwise ops ALU32 bounds tracking
2021-05-11 00:00:00
f5
f5
K43346111 : Linux kernel eBPF vulnerability CVE-2021-3490
2021-08-18 00:00:00
zdi
zdi
cnvd
cnvd
Linux kernel buffer overflow vulnerability (CNVD-2021-54395)
2021-07-16 00:00:00
ubuntucve
ubuntucve
CVE-2021-3490
2021-05-11 00:00:00
cve
cve
CVE-2021-3490
2021-06-04 02:15:07
zdt
zdt
packetstorm
packetstorm
Linux eBPF ALU32 32-bit Invalid Bounds Tracking Local Privilege Escalation
2021-09-01 00:00:00
metasploit
metasploit
Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE
2021-08-17 23:01:14
photon
photon
Important Photon OS Security Update - PHSA-2021-0023
2021-05-12 00:00:00
Important Photon OS Security Update - PHSA-2021-4.0-0023
2021-05-12 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4950-1)
2022-01-28 00:00:00
Fedora: Security Advisory for kernel-headers (FEDORA-2021-286375de1e)
2021-05-20 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2021-05152dbcf5)
2021-05-20 00:00:00
nessus
nessus
Photon OS 4.0: Linux PHSA-2021-4.0-0023
2021-05-12 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-001)
2022-05-02 00:00:00
openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1975-1)
2021-07-16 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: kernel-tools-5.11.20-300.fc34
2021-05-16 02:03:14
[SECURITY] Fedora 33 Update: kernel-5.11.20-200.fc33
2021-05-16 02:06:51
[SECURITY] Fedora 34 Update: kernel-headers-5.11.20-300.fc34
2021-05-16 02:03:14
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-09-03 16:30:26
redos
redos
ROS-20220919-01
2022-09-19 00:00:00