mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-12 18:42:46 +00:00
4.7 KiB
4.7 KiB
CVE-2021-3490
Description
The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).
POC
Reference
- http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html
- https://ubuntu.com/security/notices/USN-4949-1
- https://ubuntu.com/security/notices/USN-4950-1
Github
- https://github.com/0xor0ne/awesome-list
- https://github.com/0xsyr0/OSCP
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AbdoFarid1/R00tKeep3r
- https://github.com/Al1ex/LinuxEelvation
- https://github.com/HaxorSecInfec/autoroot.sh
- https://github.com/IdanBanani/Linux-Kernel-VR-Exploitation
- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2
- https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/PsychoH4x0r/Unknown1337-Auto-Root-
- https://github.com/SYRTI/POC_to_review
- https://github.com/Whiteh4tWolf/xcoderootsploit
- https://github.com/WhooAmii/POC_to_review
- https://github.com/XiaozaYa/CVE-Recording
- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits
- https://github.com/bachkhoasoft/awesome-list-ks
- https://github.com/bsauce/kernel-exploit-factory
- https://github.com/bsauce/kernel-security-learning
- https://github.com/chompie1337/Linux_LPE_eBPF_CVE-2021-3490
- https://github.com/christian-byrne/custom-nodes-security-scan
- https://github.com/christian-byrne/node-sec-scan
- https://github.com/chujDK/d3ctf2022-pwn-d3bpf-and-v2
- https://github.com/goldenscale/GS_GithubMirror
- https://github.com/hardenedvault/ved
- https://github.com/huike007/penetration_poc
- https://github.com/huisetiankong478/penetration_poc
- https://github.com/joydo/CVE-Writeups
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/kdn111/linux-kernel-exploitation
- https://github.com/khanhdn111/linux-kernel-exploitation
- https://github.com/khanhdz-06/linux-kernel-exploitation
- https://github.com/khanhdz191/linux-kernel-exploitation
- https://github.com/khanhhdz/linux-kernel-exploitation
- https://github.com/khanhhdz06/linux-kernel-exploitation
- https://github.com/khanhnd123/linux-kernel-exploitation
- https://github.com/khnhdz/linux-kernel-exploitation
- https://github.com/knd06/linux-kernel-exploitation
- https://github.com/kurniawandata/xcoderootsploit
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/ma7moudShaaban/R00tKeep3r
- https://github.com/manas3c/CVE-POC
- https://github.com/n0-traces/cve_monitor
- https://github.com/ndk06/linux-kernel-exploitation
- https://github.com/ndk191/linux-kernel-exploitation
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/pivik271/CVE-2021-3490
- https://github.com/soosmile/POC
- https://github.com/ssr-111/linux-kernel-exploitation
- https://github.com/trhacknon/Pocingit
- https://github.com/vlain1337/auto-lpe
- https://github.com/whoforget/CVE-POC
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/wkhnh06/linux-kernel-exploitation
- https://github.com/xairy/linux-kernel-exploitation
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve