kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-05-27T00:00:00
Updated: 2024-03-25T00:40:25.731222
Reserved: 2021-05-19T00:00:00
Link: CVE-2021-33200
JSON object: View
NVD Information
Status : Modified
Published: 2021-05-27T13:15:08.300
Modified: 2024-03-25T01:15:51.037
Link: CVE-2021-33200
JSON object: View
Redhat Information
No data.
CWE