Vulnerability Details : CVE-2021-3489
The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).
Vulnerability category: OverflowMemory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2021-3489
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 15 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2021-3489
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
nvd@nist.gov |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
nvd@nist.gov |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
1.1
|
6.0
|
security@ubuntu.com |
CWE ids for CVE-2021-3489
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: security@ubuntu.com (Secondary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- nvd@nist.gov (Primary)
- security@ubuntu.com (Secondary)
References for CVE-2021-3489
-
https://ubuntu.com/security/notices/USN-4949-1
USN-4949-1: Linux kernel vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
https://www.zerodayinitiative.com/advisories/ZDI-21-590/
ZDI-21-590 | Zero Day InitiativeThird Party Advisory;VDB Entry
-
https://ubuntu.com/security/notices/USN-4950-1
USN-4950-1: Linux kernel vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
https://www.openwall.com/lists/oss-security/2021/05/11/10
oss-security - CVE-2021-3489 - Linux kernel eBPF RINGBUF map oversized allocationMailing List;Third Party Advisory
-
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea
kernel/git/bpf/bpf.git - BPF kernel treePatch;Vendor Advisory
-
https://security.netapp.com/advisory/ntap-20210716-0004/
June 2021 Linux Kernel 5.12.4 Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
Products affected by CVE-2021-3489
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.13:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*