CVE-2021-3444
Description
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 (bpf: Fix truncation handling for mod32 dst reg wrt zero) and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.055
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel (USN-4887-1) linux-image-aws_5.4.0.1041.24_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-aws_5.4.0.1041.42_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-aws_5.8.0.1027.29_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-gcp_5.4.0.1040.27_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-gcp_5.4.0.1040.49_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-gcp_5.8.0.1026.26_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-gke_5.8.0.1026.26_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-kvm_5.4.0.1036.34_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-kvm_5.8.0.1022.24_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-oem_5.4.0.70.73_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-oem_5.4.0.70.78~18.04.63_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-azure_5.4.0.1043.23_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-azure_5.4.0.1043.41_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-azure_5.8.0.1026.26_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-gkeop_5.4.0.1012.15_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-oracle_5.4.0.1041.38_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-oracle_5.8.0.1024.23_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-oracle_5.4.0.1041.44~18.04.23_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-generic_5.4.0.70.73_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-generic_5.8.0.48.53_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-gke-5.3_5.3.0.1041.24_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-gke-5.4_5.4.0.1039.41~18.04.6_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-virtual_5.4.0.70.73_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-virtual_5.8.0.48.53_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-oem-osp1_5.4.0.70.73_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-oem-osp1_5.4.0.70.78~18.04.63_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-gkeop-5.3_5.3.0.72.129_i386.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-gkeop-5.3_5.3.0.72.129_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-gkeop-5.4_5.4.0.1012.15_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-gkeop-5.4_5.4.0.1012.13~18.04.13_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-oem-20.04_5.8.0.48.53_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-oem-20.04_5.6.0.1052.48_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-lowlatency_5.4.0.70.73_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-lowlatency_5.8.0.48.53_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-oem-20.04b_5.10.0.1019.20_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.3.0-1041-gke_5.3.0-1041.44_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-1036-kvm_5.4.0-1036.37_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-1039-gke_5.4.0-1039.41~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-1040-gcp_5.4.0-1040.43_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-1040-gcp_5.4.0-1040.43~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-1041-aws_5.4.0-1041.43_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-1041-aws_5.4.0-1041.43~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.6.0-1052-oem_5.6.0-1052.56_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.8.0-1022-kvm_5.8.0-1022.24_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.8.0-1026-gcp_5.8.0-1026.27_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.8.0-1027-aws_5.8.0-1027.29_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.10.0-1019-oem_5.10.0-1019.20_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.3.0-72-generic_5.3.0-72.68_i386.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.3.0-72-generic_5.3.0-72.68_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-1012-gkeop_5.4.0-1012.13_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-1012-gkeop_5.4.0-1012.13~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-1043-azure_5.4.0-1043.45_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-1043-azure_5.4.0-1043.45~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-70-generic_5.4.0-70.78_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-70-generic_5.4.0-70.78~18.04.1_i386.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-70-generic_5.4.0-70.78~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.8.0-1026-azure_5.8.0-1026.28_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.8.0-48-generic_5.8.0-48.54_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.8.0-48-generic_5.8.0-48.54~20.04.1_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-1041-oracle_5.4.0-1041.44_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-1041-oracle_5.4.0-1041.44~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.8.0-1024-oracle_5.8.0-1024.25_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-generic-hwe-18.04_5.4.0.70.78~18.04.63_i386.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-generic-hwe-18.04_5.4.0.70.78~18.04.63_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-generic-hwe-20.04_5.8.0.48.54~20.04.32_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-virtual-hwe-18.04_5.4.0.70.78~18.04.63_i386.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-virtual-hwe-18.04_5.4.0.70.78~18.04.63_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-virtual-hwe-20.04_5.8.0.48.54~20.04.32_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.3.0-72-lowlatency_5.3.0-72.68_i386.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.3.0-72-lowlatency_5.3.0-72.68_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-70-lowlatency_5.4.0-70.78_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-70-lowlatency_5.4.0-70.78~18.04.1_i386.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.4.0-70-lowlatency_5.4.0-70.78~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.8.0-48-lowlatency_5.8.0-48.54_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-5.8.0-48-lowlatency_5.8.0-48.54~20.04.1_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-lowlatency-hwe-18.04_5.4.0.70.78~18.04.63_i386.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-lowlatency-hwe-18.04_5.4.0.70.78~18.04.63_amd64.deb | Linux |
| Linux kernel (USN-4887-1) linux-image-lowlatency-hwe-20.04_5.8.0.48.54~20.04.32_amd64.deb | Linux |
| SUSE-SU-2021:1175-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-azure-4.12.14-16.50.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1175-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-azure-base-4.12.14-16.50.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1175-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-azure-base-debuginfo-4.12.14-16.50.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1175-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-azure-debuginfo-4.12.14-16.50.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1175-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-azure-debugsource-4.12.14-16.50.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1175-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-azure-devel-4.12.14-16.50.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1175-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-devel-azure-4.12.14-16.50.1.noarch.rpm | Linux |
| SUSE-SU-2021:1175-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-source-azure-4.12.14-16.50.1.noarch.rpm | Linux |
| SUSE-SU-2021:1175-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-syms-azure-4.12.14-16.50.1.x86_64.rpm | Linux |
| Kernel-uek update (ELSA-2021-9140) kernel-uek-5.4.17-2102.200.13.el8uek.x86_64.rpm | Linux |
| Kernel-uek-debug update (ELSA-2021-9140) kernel-uek-debug-5.4.17-2102.200.13.el8uek.x86_64.rpm | Linux |
| Kernel-uek-debug-devel update (ELSA-2021-9140) kernel-uek-debug-devel-5.4.17-2102.200.13.el8uek.x86_64.rpm | Linux |
| Kernel-uek-devel update (ELSA-2021-9140) kernel-uek-devel-5.4.17-2102.200.13.el8uek.x86_64.rpm | Linux |
| Kernel-uek-doc update (ELSA-2021-9140) kernel-uek-doc-5.4.17-2102.200.13.el8uek.noarch.rpm | Linux |
| Kernel-uek-container update (ELSA-2021-9141) kernel-uek-container-5.4.17-2102.200.13.el8.x86_64.rpm | Linux |
| Kernel-uek-container-debug update (ELSA-2021-9141) kernel-uek-container-debug-5.4.17-2102.200.13.el8.x86_64.rpm | Linux |
| SUSE-SU-2021:1210-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-4.12.14-122.66.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1210-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-base-4.12.14-122.66.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1210-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-base-debuginfo-4.12.14-122.66.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1210-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-debuginfo-4.12.14-122.66.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1210-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-debugsource-4.12.14-122.66.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1210-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-devel-4.12.14-122.66.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1210-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-devel-debuginfo-4.12.14-122.66.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1210-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-devel-4.12.14-122.66.2.noarch.rpm | Linux |
| SUSE-SU-2021:1210-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-macros-4.12.14-122.66.2.noarch.rpm | Linux |
| SUSE-SU-2021:1210-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-source-4.12.14-122.66.2.noarch.rpm | Linux |
| SUSE-SU-2021:1210-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-syms-4.12.14-122.66.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1595-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-4.12.14-122.71.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1595-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-base-4.12.14-122.71.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1595-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-base-debuginfo-4.12.14-122.71.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1595-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-debuginfo-4.12.14-122.71.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1595-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-debugsource-4.12.14-122.71.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1595-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-devel-4.12.14-122.71.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1595-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-default-devel-debuginfo-4.12.14-122.71.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1595-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-devel-4.12.14-122.71.1.noarch.rpm | Linux |
| SUSE-SU-2021:1595-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-macros-4.12.14-122.71.1.noarch.rpm | Linux |
| SUSE-SU-2021:1595-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-source-4.12.14-122.71.1.noarch.rpm | Linux |
| SUSE-SU-2021:1595-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-syms-4.12.14-122.71.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234