CVE-2021-4001 - log back

CVE-2021-4001 edited at 01 Dec 2021 16:11:11
References
https://bugzilla.redhat.com/show_bug.cgi?id=2025645
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.5&id=a5d1d3522232b4af1f5dee02d381e6fa86be8e2d
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.83&id=33fe044f6a9e8977686a6a09f0bf33e5cc75257e
CVE-2021-4001 edited at 25 Nov 2021 22:06:17
References
https://bugzilla.redhat.com/show_bug.cgi?id=2025645
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=353050be4c19e102178ccc05988101887c25ae53
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.5&id=a5d1d3522232b4af1f5dee02d381e6fa86be8e2d
CVE-2021-4001 edited at 22 Nov 2021 17:40:00
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ When a map is read-only for the ebpf program and is frozen, the ebpf verifier will directly take the value from the map and directly use the value to participate in the verification of the ebpf verifier. After the ebpf program passes the verification of the verifier, and then uses the race condition bug to modify the frozen map content, all the assumptions of the ebpf verifier will be invalid, and it may also lead to the problem of local privilege escalation.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=2025645
+ https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=353050be4c19e102178ccc05988101887c25ae53
CVE-2021-4001 created at 22 Nov 2021 17:38:02
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes