Linux Kernel eBPF Code Verifier Out-of-Bounds Access Vulnerability

Linux Kernel eBPF Code Verifier Out-of-Bounds Access Vulnerability

CVE-2021-20268 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.