Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-31440


This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661.


Published

2021-05-21T15:15:07.750

Last Modified

2024-11-21T06:05:40.163

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.0 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.4

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-682

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System linux linux_kernel < 5.10.37 Yes
Operating System linux linux_kernel < 5.11.21 Yes
Operating System linux linux_kernel < 5.12.4 Yes
Operating System netapp solidfire_baseboard_management_controller_firmware - Yes
Hardware netapp solidfire_baseboard_management_controller - No
Application netapp cloud_backup - Yes
Operating System netapp h500s_firmware - Yes
Hardware netapp h500s - No
Operating System netapp h700s_firmware - Yes
Hardware netapp h700s - No
Operating System netapp h300e_firmware - Yes
Hardware netapp h300e - No
Operating System netapp h500e_firmware - Yes
Hardware netapp h500e - No
Operating System netapp h700e_firmware - Yes
Hardware netapp h700e - No
Operating System netapp h410s_firmware - Yes
Hardware netapp h410s - No
Operating System netapp h300s_firmware - Yes
Hardware netapp h300s - No

References