### [CVE-2021-3490](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3490)
![](https://img.shields.io/static/v1?label=Product&message=Linux%20kernel&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=trunk%3C%20v5.13-rc4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen)

### Description

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).

### POC

#### Reference
- http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html

#### Github
- https://github.com/0xsyr0/OSCP
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Al1ex/LinuxEelvation
- https://github.com/HaxorSecInfec/autoroot.sh
- https://github.com/IdanBanani/Linux-Kernel-VR-Exploitation
- https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/SYRTI/POC_to_review
- https://github.com/Whiteh4tWolf/xcoderootsploit
- https://github.com/WhooAmii/POC_to_review
- https://github.com/XiaozaYa/CVE-Recording
- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits
- https://github.com/bsauce/kernel-exploit-factory
- https://github.com/bsauce/kernel-security-learning
- https://github.com/chompie1337/Linux_LPE_eBPF_CVE-2021-3490
- https://github.com/chujDK/d3ctf2022-pwn-d3bpf-and-v2
- https://github.com/goldenscale/GS_GithubMirror
- https://github.com/hardenedvault/ved
- https://github.com/huike007/penetration_poc
- https://github.com/joydo/CVE-Writeups
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/kdn111/linux-kernel-exploitation
- https://github.com/khanhdn111/linux-kernel-exploitation
- https://github.com/khanhdz-06/linux-kernel-exploitation
- https://github.com/khanhdz191/linux-kernel-exploitation
- https://github.com/khanhhdz/linux-kernel-exploitation
- https://github.com/khanhhdz06/linux-kernel-exploitation
- https://github.com/khanhnd123/linux-kernel-exploitation
- https://github.com/knd06/linux-kernel-exploitation
- https://github.com/kurniawandata/xcoderootsploit
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/manas3c/CVE-POC
- https://github.com/ndk191/linux-kernel-exploitation
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/pivik271/CVE-2021-3490
- https://github.com/soosmile/POC
- https://github.com/ssr-111/linux-kernel-exploitation
- https://github.com/trhacknon/Pocingit
- https://github.com/whoforget/CVE-POC
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/wkhnh06/linux-kernel-exploitation
- https://github.com/xairy/linux-kernel-exploitation
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve