CVE-2021-3444 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2021-3444?

CVE-2021-3444 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-3444?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 5.4.101
Debian	Debian Linux	9.0
Canonical	Ubuntu Linux	14.04

Related Weaknesses (CWE)

CWE-125 CWE-681

References

http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSThird Party AdvisoryVDB Entry
http://www.openwall.com/lists/oss-security/2021/03/23/2Mailing ListThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9bMailing ListPatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20210416-0006/Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/03/23/2Mailing ListThird Party Advisory
http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSThird Party AdvisoryVDB Entry
http://www.openwall.com/lists/oss-security/2021/03/23/2Mailing ListThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9bMailing ListPatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20210416-0006/Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/03/23/2Mailing ListThird Party Advisory

FAQ

What is CVE-2021-3444?

CVE-2021-3444 is a vulnerability with a CVSS score of 7.8 (HIGH). The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs co...

How severe is CVE-2021-3444?

CVE-2021-3444 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3444?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Canonical Ubuntu Linux.