CVEs-PoC/2021/CVE-2021-3490.md

CVE-2021-3490

Description

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).

POC

Reference

• http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html

Github

• https://github.com/0xsyr0/OSCP
• https://github.com/20142995/sectool
• https://github.com/ARPSyndicate/cvemon
• https://github.com/Al1ex/LinuxEelvation
• https://github.com/IdanBanani/Linux-Kernel-VR-Exploitation
• https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits
• https://github.com/Mr-xn/Penetration_Testing_POC
• https://github.com/NaInSec/CVE-PoC-in-GitHub
• https://github.com/SYRTI/POC_to_review
• https://github.com/Whiteh4tWolf/xcoderootsploit
• https://github.com/WhooAmii/POC_to_review
• https://github.com/XiaozaYa/CVE-Recording
• https://github.com/bsauce/kernel-exploit-factory
• https://github.com/bsauce/kernel-security-learning
• https://github.com/chompie1337/Linux_LPE_eBPF_CVE-2021-3490
• https://github.com/chujDK/d3ctf2022-pwn-d3bpf-and-v2
• https://github.com/goldenscale/GS_GithubMirror
• https://github.com/hardenedvault/ved
• https://github.com/huike007/penetration_poc
• https://github.com/joydo/CVE-Writeups
• https://github.com/k0mi-tg/CVE-POC
• https://github.com/kdn111/linux-kernel-exploitation
• https://github.com/khanhdn111/linux-kernel-exploitation
• https://github.com/khanhdz-06/linux-kernel-exploitation
• https://github.com/khanhdz191/linux-kernel-exploitation
• https://github.com/khanhhdz/linux-kernel-exploitation
• https://github.com/khanhhdz06/linux-kernel-exploitation
• https://github.com/khanhnd123/linux-kernel-exploitation
• https://github.com/knd06/linux-kernel-exploitation
• https://github.com/kurniawandata/xcoderootsploit
• https://github.com/lions2012/Penetration_Testing_POC
• https://github.com/manas3c/CVE-POC
• https://github.com/ndk191/linux-kernel-exploitation
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/pivik271/CVE-2021-3490
• https://github.com/soosmile/POC
• https://github.com/ssr-111/linux-kernel-exploitation
• https://github.com/trhacknon/Pocingit
• https://github.com/whoforget/CVE-POC
• https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
• https://github.com/xairy/linux-kernel-exploitation
• https://github.com/xuetusummer/Penetration_Testing_POC
• https://github.com/youwizard/CVE-POC
• https://github.com/zecool/cve