Uninitialized Variable Vulnerability in Linux Kernel BPF Subsystem (CID-350a5c4dd245)

CVE-2021-29648 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245.
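
The failure pattern described above, as an added example that is not the kernel's code and not part of the original advisory: a simplified user-space C model in which the vmlinux BTF object carries no resolved_ids/resolved_sizes tables, next to a guarded lookup that rejects that object before any table access. All struct and function names, the NULL representation of the unpopulated tables, and the -EACCES return value are assumptions of this model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model; every name here is hypothetical. */
struct model_btf {
    uint32_t nr_types;
    uint32_t *resolved_ids;    /* never populated for the vmlinux BTF */
    uint32_t *resolved_sizes;  /* never populated for the vmlinux BTF */
    int is_vmlinux;            /* 1 = built-in kernel BTF object */
};

/* Unguarded lookup: assumes both tables exist. With the vmlinux object
 * this reads through a pointer that was never set up (modeled as NULL). */
int lookup_size_unguarded(const struct model_btf *btf, uint32_t id,
                          uint32_t *size)
{
    if (id >= btf->nr_types)
        return -EINVAL;
    *size = btf->resolved_sizes[btf->resolved_ids[id]];
    return 0;
}

/* Guarded lookup: refuse the vmlinux object before touching the tables. */
int lookup_size_guarded(const struct model_btf *btf, uint32_t id,
                        uint32_t *size)
{
    if (btf->is_vmlinux || !btf->resolved_ids || !btf->resolved_sizes)
        return -EACCES;   /* error code chosen for this model */
    return lookup_size_unguarded(btf, id, size);
}

/* Constructed sample data: one user-supplied BTF and one vmlinux BTF. */
static uint32_t ids[]   = { 0, 1, 1 };
static uint32_t sizes[] = { 0, 4, 8 };
static const struct model_btf user_btf    = { 3, ids, sizes, 0 };
static const struct model_btf vmlinux_btf = { 100, NULL, NULL, 1 };

int main(void)
{
    uint32_t size = 0;
    int rc = lookup_size_guarded(&user_btf, 2, &size);
    printf("user BTF:    rc=%d size=%u\n", rc, (unsigned)size);
    rc = lookup_size_guarded(&vmlinux_btf, 2, &size);
    printf("vmlinux BTF: rc=%d (rejected before any table access)\n", rc);
    return 0;
}
```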