Showing 1 - 4 of 4

CVE-2021-31440

Status Candidate

Overview

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661.

Related Files

Ubuntu Security Notice USN-4997-2: Posted Jun 28, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4997-2 - USN-4997-1 fixed vulnerabilities in the Linux kernel for Ubuntu 21.04. This update provides the corresponding updates for the Linux KVM kernel for Ubuntu 21.04. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Various other issues were also addressed.; tags | advisory, arbitrary, kernel, local, vulnerability, protocol; systems | linux, ubuntu; advisories | CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133, CVE-2021-23134, CVE-2021-31440, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-3506, CVE-2021-3543, CVE-2021-3609; SHA-256 | 16f2c8cca9066cef3cbb8b6417110467cabb0932233c1b98fecf1f6a500fac6b; Download | Favorite | View

Ubuntu Security Notice USN-5001-1: Posted Jun 23, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5001-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. Various other issues were also addressed.; tags | advisory, arbitrary, kernel, local, vulnerability, protocol; systems | linux, ubuntu; advisories | CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133, CVE-2021-23134, CVE-2021-31440, CVE-2021-32399, CVE-2021-33034, CVE-2021-3506, CVE-2021-3543, CVE-2021-3609; SHA-256 | 5f5601cefe59acf494f5ddfb941d777aac5a9c41385c15183c3994b1ea7cda1c; Download | Favorite | View

Ubuntu Security Notice USN-4999-1: Posted Jun 23, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4999-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.; tags | advisory, denial of service, arbitrary, kernel, local, vulnerability, protocol; systems | linux, ubuntu; advisories | CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-25670, CVE-2020-25671, CVE-2020-25673, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133, CVE-2021-29155, CVE-2021-31440, CVE-2021-31829, CVE-2021-33200, CVE-2021-3609; SHA-256 | 608a8996ce80308dbc8f67bc54e75f304a5acf75c42f7825463b1e10f884ffae; Download | Favorite | View

Ubuntu Security Notice USN-4997-1: Posted Jun 23, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4997-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.; tags | advisory, denial of service, arbitrary, kernel, local, vulnerability, protocol; systems | linux, ubuntu; advisories | CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133, CVE-2021-23134, CVE-2021-31440, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-3506, CVE-2021-3543, CVE-2021-3609; SHA-256 | b752f37a5817c7e613a44c23fb3cefa0e5dee0cec9c72c2382a006d6cba9ccb6; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 204 files
indoushka 178 files
Ubuntu 93 files
Gentoo 32 files
Debian 20 files
Apple 10 files
LiquidWorm 9 files
malvuln 8 files
Rubén López Herrera 5 files
Google Security Research 5 files

File Archives

Systems

AIX (430)
Apple (2,116)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,137)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,424)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,936)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,900)
UNIX (9,465)
UnixWare (188)
Windows (6,783)
Other

CVE-2021-31440

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems