Vulnerability Details : CVE-2021-3489
The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2021-3489
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.13:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-3489
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 4 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-3489
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
1.1
|
6.0
|
Canonical Ltd. |
CWE ids for CVE-2021-3489
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: security@ubuntu.com (Secondary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- nvd@nist.gov (Primary)
- security@ubuntu.com (Secondary)
References for CVE-2021-3489
-
https://ubuntu.com/security/notices/USN-4949-1
USN-4949-1: Linux kernel vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
https://www.zerodayinitiative.com/advisories/ZDI-21-590/
ZDI-21-590 | Zero Day InitiativeThird Party Advisory;VDB Entry
-
https://ubuntu.com/security/notices/USN-4950-1
USN-4950-1: Linux kernel vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
https://www.openwall.com/lists/oss-security/2021/05/11/10
oss-security - CVE-2021-3489 - Linux kernel eBPF RINGBUF map oversized allocationMailing List;Third Party Advisory
-
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea
kernel/git/bpf/bpf.git - BPF kernel treePatch;Vendor Advisory
-
https://security.netapp.com/advisory/ntap-20210716-0004/
June 2021 Linux Kernel 5.12.4 Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
Jump to