2000457 – (CVE-2021-34866) CVE-2021-34866 kernel: eBPF verification flaw

Bug 2000457 (CVE-2021-34866) - CVE-2021-34866 kernel: eBPF verification flaw [NEEDINFO]

Summary: CVE-2021-34866 kernel: eBPF verification flaw

Keywords:
Status:	NEW
Alias:	CVE-2021-34866
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2004731 2004732 2004733
Blocks:	1997324 2014625
TreeView+	depends on / blocked

Reported:	2021-09-02 08:00 UTC by Dhananjay Arunesh
Modified:	2023-12-06 09:36 UTC (History)
CC List:	39 users (show)
Fixed In Version:	Kernel 5.14
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in Linux Kernel, where a type confusion problem in check_map_func_compatibility() may lead to free arbitrary kernel memory.
Clone Of:
Environment:
Last Closed:
Embargoed:
Flags:	vmalik: needinfo? (rkeshri)

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2021-09-02 08:00:28 UTC

A vulnerability was found in Linux Kernel, where a type confusion problem in check_map_func_compatibility() may lead to free arbitrary kernel memory.

Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=5b029a32cfe4600f5e10e36b41778506b90fd4de
https://www.zerodayinitiative.com/advisories/ZDI-21-1148/

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
bhu
chwhite
crwood
dvlasenk
hdegoede
hkrzesin
jarod
jarodwilson
jburrell
jeremy
jforbes
jglisse
jlelli
jonathan
josef
jshortt
jstancek
jwboyer
kcarcia
kernel-maint
kernel-mgr
lgoncalv
linville
masami256
mchehab
nmurray
ptalbert
qzhao
rkeshri
rvrbovsk
steved
vkumar
vmalik
walters
williams