CVE-2021-31440 - log back

CVE-2021-31440 edited at 21 May 2021 22:07:58
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ This vulnerability allows local attackers to escalate privileges on affected installations of the Linux kernel before version 5.12.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.4&id=b64a9914918d4f2112fd244fe7bb6f98b20e8f60
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.21&id=d11e645725e9850109a40031997fc05b7dda34c7
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.37&id=4394be0a1866fb78a4dfe0ea38e29c4ed107b890
CVE-2021-31440 created at 21 May 2021 22:05:06
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes