CVE-2021-34866

Published on: 01/25/2022 12:00:00 AM UTC

Last Modified on: 03/29/2022 04:35:00 PM UTC

CVE-2021-34866

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Certain versions of Linux Kernel from Linux contain the following vulnerability:

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689.

CVE-2021-34866 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
Affected Vendor/Software: Linux - Kernel version 5.14-rc3

CVSS3 Score: 7.8 - HIGH

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
LOCAL	LOW	LOW	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVSS2 Score: 7.2 - HIGH

Access Vector^ⓘ	Access Complexity	Authentication
LOCAL	LOW	NONE
Confidentiality Impact	Integrity Impact	Availability Impact
COMPLETE	COMPLETE	COMPLETE

CVE References

Description	Tags ^ⓘ	Link
CVE-2021-34866 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	security.netapp.com text/html	CONFIRM security.netapp.com/advisory/ntap-20220217-0008/
ZDI-21-1148 \| Zero Day Initiative	www.zerodayinitiative.com text/html	MISC www.zerodayinitiative.com/advisories/ZDI-21-1148/

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

180208 Debian Security Update for linux (CVE-2021-34866)
610406 Google Pixel Android April 2022 Security Patch Missing
751342 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3641-1)
751346 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3655-1)
751353 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3675-1)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	5.14	rc3	All	All
Hardware	Netapp	H300e	-	All	All	All
Operating System	Netapp	H300e Firmware	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410c	-	All	All	All
Operating System	Netapp	H410c Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500e	-	All	All	All
Operating System	Netapp	H500e Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700e	-	All	All	All
Operating System	Netapp	H700e Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All

cpe:2.3:o:linux:linux_kernel:5.14:rc3:*:*:*:*:*:*:
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*:

Discovery Credit

Ryota Shiga(@Ga_ryo_) of Flatt Security

Social Mentions

Source	Title	Posted (UTC)
@flatt_security	セキュリティエンジニアの志賀(@Ga_ryo_)が「脆弱性リサーチプロジェクト」において報告した脆弱性が2つ公開されました。 1. CVE-2021-34866 Linux Kernel eBPF Type Confusion… twitter.com/i/web/status/1…	2021-10-29 05:54:21
@ipssignatures	The vuln CVE-2021-34866 has a tweet created 0 days ago and retweeted 10 times. twitter.com/flatt_security… #pow1rtrtwwcve	2021-10-29 14:06:00
@vulmoncom	Linux Kernel eBPF Type Confusion Privilege Escalation vulmon.com/vulnerabilityd… CVE-2021-34866 #Vulmon #Linux #InfoSec #CyberSecurity	2021-10-30 08:02:20
@h3xr4bb1t	Here's my PoC exploit for CVE-2021-34866 :) blog.hexrabbit.io/2021/11/03/CVE…	2021-11-03 09:32:40
@ipssignatures	The vuln CVE-2021-34866 has a tweet created 0 days ago and retweeted 10 times. twitter.com/h3xr4bb1t/stat… #pow1rtrtwwcve	2021-11-03 12:06:00
@linkersec	CVE-2021-34866 Writeup; by @h3xr4bb1t An article covering exploitation of a type confusion in the eBPF subsystem.… twitter.com/i/web/status/1…	2021-11-06 01:51:24
@seebug_team	@h3xr4bb1t 您好，我们是Seebug漏洞平台，看到您博客的文章《CVE-2021-34866 Writeup》很不错，请问能否授权转载至Seebug Paper栏目（paper.seebug.org），我们会在文首注明作者和来源~?	2021-11-08 08:38:21
@ipssignatures	The vuln CVE-2021-34866 has a tweet created 5 days ago and retweeted 100 times. twitter.com/h3xr4bb1t/stat… #pow2rtrtwwcve	2021-11-09 00:06:01
/r/vulnintel	Linux Kernel eBPF Type Confusion Privilege Escalation CVE-2021-34866	2021-10-30 08:02:43
/r/linkersec	CVE-2021-34866 Writeup	2021-11-06 01:52:06
/r/netcve	CVE-2021-34866	2022-01-25 16:38:55