CVE-2021-3490

Source
Severity Medium
Remote No
Type Arbitrary code execution
Description
A security issue was found in the Linux kernel before version 5.12.4. It was discovered that eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) did not update the 32-bit bounds, leading to out-of-bounds reads and writes in the kernel.
Group     Package         Affected             Fixed                Severity  Status  Ticket
AVG-1961  linux-lts       5.10.36-2            5.10.37-1            Medium    Fixed
AVG-1960  linux-hardened  5.11.20.hardened1-2  5.11.21.hardened1-1  Medium    Fixed
AVG-1959  linux-zen       5.12.3.zen2-1        5.12.4.zen1-1        Medium    Fixed
AVG-1958  linux           5.12.3.arch2-1       5.12.4.arch1-1       Medium    Fixed
References
https://www.openwall.com/lists/oss-security/2021/05/11/11
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.4&id=9fdd1d10daac186e21a77290f9d22b41e175e1b9
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.21&id=3a0066086a338f99205b1c38c9fbefaeb5cd6d28
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.37&id=282bfc8848eaa195d5e994bb700f2c7afb7eb3e6