CVE-2021-3490— Linux kernel eBPF bitwise ops ALU32 bounds tracking
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-3490
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Linux kernel eBPF bitwise ops ALU32 bounds tracking
Source: NVD (National Vulnerability Database)
Vulnerability Description
The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在缓冲区错误漏洞。该漏洞源于发现按位操作(AND,OR和XOR)的eBPF ALU32边界跟踪不会更新32位边界。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Linux | Linux kernel | trunk ~ v5.13-rc4 | - |
II. Public POCs for CVE-2021-3490
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | None | https://github.com/chompie1337/Linux_LPE_eBPF_CVE-2021-3490 | POC Details |
| 2 | None | https://github.com/pivik271/CVE-2021-3490 | POC Details |
| 3 | None | https://github.com/BanaxavSplit/CVE-2021-3490 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-3490
请登录查看更多情报信息。
- https://www.zerodayinitiative.com/advisories/ZDI-21-606/x_refsource_MISC
- https://security.netapp.com/advisory/ntap-20210716-0004/x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2021-3490
Same Patch Batch · Linux · 2021-06-04 · 3 CVEs total
| CVE-2021-3491 | 7.8 HIGH | Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass |
| CVE-2021-3489 | 7.8 HIGH | Linux kernel eBPF RINGBUF map oversized allocation |
IV. Related Vulnerabilities
Same product: Linux kernel
- CVE-2024-24864
Race condition vulnerability in Linux kernel media/dvb-core - CVE-2024-24857
Race condition vulnerability in Linux kernel bluetooth in co - CVE-2024-24858
Race condition vulnerability in Linux kernel net/bluetooth i - CVE-2024-24859
Race condition vulnerability in Linux kernel bluetooth sniff - CVE-2024-24860
Race condition vulnerability in Linux kernel bluetooth drive
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2021-3490
No comments yet