CVE-2021-31440 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Privilege escalation
Description	This vulnerability allows local attackers to escalate privileges on affected installations of the Linux kernel before version 5.12.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.

Group	Package	Affected	Fixed	Severity	Status
AVG-1961	linux-lts	5.10.36-2	5.10.37-1	Medium	Fixed
AVG-1960	linux-hardened	5.11.20.hardened1-2	5.11.21.hardened1-1	Medium	Fixed
AVG-1959	linux-zen	5.12.3.zen2-1	5.12.4.zen1-1	Medium	Fixed
AVG-1958	linux	5.12.3.arch2-1	5.12.4.arch1-1	Medium	Fixed

References
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.4&id=b64a9914918d4f2112fd244fe7bb6f98b20e8f60 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.21&id=d11e645725e9850109a40031997fc05b7dda34c7 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.37&id=4394be0a1866fb78a4dfe0ea38e29c4ed107b890

References

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.4&id=b64a9914918d4f2112fd244fe7bb6f98b20e8f60
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.21&id=d11e645725e9850109a40031997fc05b7dda34c7
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.37&id=4394be0a1866fb78a4dfe0ea38e29c4ed107b890