Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2021-3489
HistoryMay 11, 2021 - 12:00 a.m.

CVE-2021-3489

2021-05-1100:00:00
ubuntu.com
ubuntu.com
27

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

16.5%

JSON

The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not
check that the allocated size was smaller than the ringbuf size, allowing
an attacker to perform out-of-bounds writes within the kernel and
therefore, arbitrary code execution. This issue was fixed via commit
4b81ccebaeee (“bpf, ringbuf: Deny reserve of buffers larger than ringbuf”)
(v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and
v5.10.37. It was introduced via 457f44363a88 (“bpf: Implement BPF ring
buffer and verifier support for it”) (v5.8-rc1).

Notes

Author Note
sbeattie introduced in v5.8-rc1

Related

prion 1
cve 1
cnvd 1
veracode 1
redhatcve 1
debiancve 1
f5 1
zdi 1
photon 2
openvas 13
nessus 17
ubuntu 3
fedora 6
osv 3
redos 1
almalinux 1
oraclelinux 1
redhat 4
suse 2
prion
prion
Design/Logic Flaw
2021-06-04 02:15:00
cve
cve
CVE-2021-3489
2021-06-04 02:15:00
cnvd
cnvd
Linux kernel buffer overflow vulnerability (CNVD-2021-54396)
2021-07-16 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-05-24 09:30:37
redhatcve
redhatcve
CVE-2021-3489
2021-05-11 20:54:38
debiancve
debiancve
CVE-2021-3489
2021-06-04 02:15:00
f5
f5
K32525759 : Linux kernel vulnerability CVE-2021-3489
2022-10-17 00:00:00
zdi
zdi
(Pwn2Own) Canonical Ubuntu eBPF Out-Of-Bounds Access Privilege Escalation Vulnerability
2021-05-14 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0023
2021-05-12 00:00:00
Important Photon OS Security Update - PHSA-2021-4.0-0023
2021-05-12 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4950-1)
2022-01-28 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2021-05152dbcf5)
2021-05-20 00:00:00
Fedora: Security Advisory for kernel-headers (FEDORA-2021-286375de1e)
2021-05-20 00:00:00
nessus
nessus
Ubuntu 21.04 : Linux kernel vulnerabilities (USN-4950-1)
2021-05-12 00:00:00
Photon OS 4.0: Linux PHSA-2021-4.0-0023
2021-05-12 00:00:00
SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP3) (SUSE-SU-2021:2198-1)
2021-07-01 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2021-05-11 00:00:00
Linux kernel vulnerabilities
2021-05-11 00:00:00
Linux kernel (OEM) vulnerabilities
2021-05-11 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: kernel-headers-5.11.20-300.fc34
2021-05-16 02:03:14
[SECURITY] Fedora 33 Update: kernel-tools-5.11.20-200.fc33
2021-05-16 02:06:52
[SECURITY] Fedora 33 Update: kernel-headers-5.11.20-200.fc33
2021-05-16 02:06:52
osv
osv
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities
2021-05-11 22:37:17
linux-oem-5.10 vulnerabilities
2021-05-11 22:31:50
Moderate: kernel security, bug fix, and enhancement update
2021-11-09 09:08:02
redos
redos
ROS-20220919-01
2022-09-19 00:00:00
almalinux
almalinux
Moderate: kernel security, bug fix, and enhancement update
2021-11-09 09:08:02
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2021-11-16 00:00:00
redhat
redhat
(RHSA-2021:4140) Moderate: kernel-rt security and bug fix update
2021-11-09 08:21:02
(RHSA-2021:4356) Moderate: kernel security, bug fix, and enhancement update
2021-11-09 09:08:02
(RHSA-2021:5137) Moderate: Openshift Logging Security Release (5.0.10)
2021-12-14 21:31:08
suse
suse
Security update for the Linux Kernel (important)
2021-07-11 00:00:00
Security update for the Linux Kernel (important)
2021-07-11 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

16.5%

JSON
Related for UB:CVE-2021-3489
prion1cve1cnvd1veracode1redhatcve1debiancve1f51zdi1photon2openvas13nessus17ubuntu3fedora6osv3redos1almalinux1oraclelinux1redhat4suse2