Bug 1959559 (CVE-2021-3489) - CVE-2021-3489 kernel: Linux kernel eBPF RINGBUF map oversized allocation
Summary: CVE-2021-3489 kernel: Linux kernel eBPF RINGBUF map oversized allocation
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-3489
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1969308 1959561 1968590 1968591 1968593
Blocks: 1959562
TreeView+ depends on / blocked
 
Reported: 2021-05-11 19:01 UTC by Pedro Sampaio
Modified: 2021-11-09 20:55 UTC (History)
43 users (show)

Fixed In Version: kernel 5.13 rc4
Doc Type: If docs needed, set a value
Doc Text:
A flaw out of bound memory write in the Linux kernel BPF subsystem was found in the way user writes to BPF ring buffer too fast, so larger buffer than available memory could be allocated. A local user could use this flaw to crash the system or possibly escalate their privileges on the system.
Clone Of:
Environment:
Last Closed: 2021-11-09 20:55:30 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:4140 0 None None None 2021-11-09 17:22:28 UTC
Red Hat Product Errata RHSA-2021:4356 0 None None None 2021-11-09 18:25:20 UTC

Description Pedro Sampaio 2021-05-11 19:01:59 UTC 
A flaw out of bound memory write in the Linux kernel BPF subsystem was found in the way user writes to BPF ring buffer too fast, so larger buffer than available memory could be allocated. A local user could use this flaw to crash the system or possibly escalate their privileges on the system.

References:

https://www.openwall.com/lists/oss-security/2021/05/11/10
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea
Comment 1 Pedro Sampaio 2021-05-11 19:06:41 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1959561]
Comment 12 errata-xmlrpc 2021-11-09 17:22:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4140 https://access.redhat.com/errata/RHSA-2021:4140
Comment 13 errata-xmlrpc 2021-11-09 18:25:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4356 https://access.redhat.com/errata/RHSA-2021:4356
Comment 14 Product Security DevOps Team 2021-11-09 20:55:25 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3489
Note You need to log in before you can comment on or make changes to this bug.