CVE-2021-31440 log

Source
Severity Medium
Remote No
Type Privilege escalation
Description
This vulnerability allows local attackers to escalate privileges on affected installations of the Linux kernel before version 5.12.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.
Group Package Affected Fixed Severity Status Ticket
AVG-1961 linux-lts 5.10.36-2 5.10.37-1 Medium Fixed
AVG-1960 linux-hardened 5.11.20.hardened1-2 5.11.21.hardened1-1 Medium Fixed
AVG-1959 linux-zen 5.12.3.zen2-1 5.12.4.zen1-1 Medium Fixed
AVG-1958 linux 5.12.3.arch2-1 5.12.4.arch1-1 Medium Fixed
References
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.4&id=b64a9914918d4f2112fd244fe7bb6f98b20e8f60
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.21&id=d11e645725e9850109a40031997fc05b7dda34c7
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.37&id=4394be0a1866fb78a4dfe0ea38e29c4ed107b890