Your submission was sent successfully! Close

CVE-2021-3490

Published: 11 May 2021

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).

From the Ubuntu security team

Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.

Priority

High

CVSS 3 base score: 7.8

Status

Package Release Status
linux-aws-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

groovy Does not exist

hirsute Does not exist

focal Not vulnerable
(5.8.0-1035.37~20.04.1)
upstream
Released (5.13~rc4)
impish Does not exist

jammy Does not exist

linux-azure-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

groovy Does not exist

hirsute Does not exist

focal Not vulnerable
(5.8.0-1033.35~20.04.1)
upstream
Released (5.13~rc4)
impish Does not exist

jammy Does not exist

linux-gcp-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

groovy Does not exist

hirsute Does not exist

focal Not vulnerable
(5.8.0-1032.34~20.04.1)
upstream
Released (5.13~rc4)
impish Does not exist

jammy Does not exist

linux-oracle-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

groovy Does not exist

hirsute Does not exist

focal Not vulnerable
(5.8.0-1031.32~20.04.2)
upstream
Released (5.13~rc4)
impish Does not exist

jammy Does not exist

linux-riscv-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

groovy Does not exist

hirsute Does not exist

focal
Released (5.8.0-25.27~20.04.1)
upstream
Released (5.13~rc4)
impish Does not exist

jammy Does not exist

linux-bluefield
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

focal Not vulnerable
(5.4.0-1007.10)
upstream
Released (5.13~rc4)
impish Does not exist

jammy Does not exist

linux-hwe-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

focal Not vulnerable
(5.11.0-22.23~20.04.1)
upstream
Released (5.13~rc4)
impish Does not exist

jammy Does not exist

linux-riscv-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

focal Not vulnerable
(5.11.0-1015.16~20.04.1)
upstream
Released (5.13~rc4)
impish Does not exist

jammy Does not exist

linux-oem-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable
(5.13.0-1009.10)
hirsute Does not exist

upstream
Released (5.13~rc4)
impish Does not exist

jammy Does not exist

linux-aws-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

impish Does not exist

focal Not vulnerable
(5.11.0-1009.9~20.04.2)
upstream
Released (5.13~rc4)
jammy Does not exist

linux-azure-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

impish Does not exist

focal Not vulnerable
(5.11.0-1007.7~20.04.2)
upstream
Released (5.13~rc4)
jammy Does not exist

linux-oracle-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

impish Does not exist

focal Not vulnerable
(5.11.0-1008.8~20.04.1)
upstream
Released (5.13~rc4)
jammy Does not exist

linux
Launchpad, Ubuntu, Debian
impish Not vulnerable
(5.11.0-18.19+21.10.1)
groovy
Released (5.8.0-53.60)
hirsute
Released (5.11.0-17.18)
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
upstream
Released (5.13~rc4)
jammy Not vulnerable
(5.13.0-19.19)
linux-hwe
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Not vulnerable
(code not present)
bionic Ignored
(replaced by linux-hwe-5.4)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-hwe-5.4
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Not vulnerable
(code not present)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

upstream
Released (5.13~rc4)
linux-hwe-5.8
Launchpad, Ubuntu, Debian
impish Does not exist

focal
Released (5.8.0-53.60~20.04.1)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

upstream
Released (5.13~rc4)
linux-hwe-edge
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Ignored
(superseded by linux-hwe)
bionic Ignored
(superseded by linux-hwe-5.4)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

upstream
Released (5.13~rc4)
linux-lts-trusty
Launchpad, Ubuntu, Debian
impish Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

precise Not vulnerable
(code not present)
linux-lts-xenial
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

trusty Not vulnerable
(code not present)
linux-kvm
Launchpad, Ubuntu, Debian
impish Not vulnerable
(5.11.0-1008.8+21.10.1)
groovy
Released (5.8.0-1027.29)
hirsute
Released (5.11.0-1007.7)
precise Does not exist

trusty Does not exist

upstream
Released (5.13~rc4)
jammy Not vulnerable
(5.13.0-1004.4)
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
linux-aws
Launchpad, Ubuntu, Debian
impish Not vulnerable
(5.11.0-1008.8+21.10.1)
groovy
Released (5.8.0-1033.35)
hirsute
Released (5.11.0-1007.7)
precise Does not exist

trusty Not vulnerable
(code not present)
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
upstream
Released (5.13~rc4)
jammy Not vulnerable
(5.13.0-1005.6)
xenial Not vulnerable
(code not present)
linux-aws-5.0
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-aws-5.3)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-aws-5.3
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-aws-5.4)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-aws-5.4
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Not vulnerable
(code not present)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-aws-hwe
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Not vulnerable
(code not present)
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-azure
Launchpad, Ubuntu, Debian
impish Not vulnerable
(5.11.0-1006.6+21.10.1)
groovy
Released (5.8.0-1032.34)
hirsute
Released (5.11.0-1005.5)
precise Does not exist

bionic Ignored
(superseded by linux-azure-5.3)
upstream
Released (5.13~rc4)
jammy Not vulnerable
(5.13.0-1006.7)
focal Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
linux-azure-4.15
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

bionic Not vulnerable
(code not present)
linux-azure-5.3
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-azure-5.4)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

upstream
Released (5.13~rc4)
linux-azure-5.4
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Not vulnerable
(code not present)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-dell300x
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Not vulnerable
(code not present)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-azure-edge
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-azure-5.3)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-gcp
Launchpad, Ubuntu, Debian
impish Not vulnerable
(5.11.0-1008.8+21.10.1)
groovy
Released (5.8.0-1031.32)
hirsute
Released (5.11.0-1007.7)
precise Does not exist

trusty Does not exist

bionic Ignored
(superseded by linux-gcp-5.3)
jammy Not vulnerable
(5.13.0-1005.6)
focal Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
upstream
Released (5.13~rc4)
linux-gcp-4.15
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

bionic Not vulnerable
(code not present)
linux-gcp-5.3
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-gcp-5.4)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-gcp-5.4
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Not vulnerable
(code not present)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-gcp-edge
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-gcp-5.3)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-gke-4.15
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

bionic Not vulnerable
(code not present)
upstream
Released (5.13~rc4)
linux-gke-5.0
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

bionic Not vulnerable
(code not present)
linux-gke-5.3
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

bionic Not vulnerable
(code not present)
upstream
Released (5.13~rc4)
linux-gke-5.4
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Not vulnerable
(code not present)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-gkeop
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable
(code not present)
groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-gkeop-5.4
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

bionic Not vulnerable
(code not present)
linux-oracle
Launchpad, Ubuntu, Debian
impish Not vulnerable
(5.11.0-1007.7+21.10.1)
groovy
Released (5.8.0-1029.30)
hirsute
Released (5.11.0-1006.6)
precise Does not exist

trusty Does not exist

upstream
Released (5.13~rc4)
jammy Not vulnerable
(5.13.0-1008.10)
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
linux-oracle-5.0
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-oracle-5.3)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

upstream
Released (5.13~rc4)
linux-oracle-5.3
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-oracle-5.4)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-oracle-5.4
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Not vulnerable
(code not present)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

upstream
Released (5.13~rc4)
linux-oem
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Ignored
(superseded by linux-hwe)
bionic Not vulnerable
(code not present)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-oem-5.6
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable
(code not present)
groovy Does not exist

hirsute Does not exist

jammy Does not exist

upstream
Released (5.13~rc4)
linux-oem-5.10
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

focal
Released (5.10.0-1026.27)
groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-oem-osp1
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

bionic Not vulnerable
(code not present)
upstream
Released (5.13~rc4)
linux-raspi
Launchpad, Ubuntu, Debian
impish Not vulnerable
(5.11.0-1009.10+21.10.1)
precise Does not exist

jammy Not vulnerable
(5.13.0-1008.9)
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable
(code not present)
groovy
Released (5.8.0-1024.27)
hirsute
Released (5.11.0-1008.8)
upstream
Released (5.13~rc4)
linux-raspi2
Launchpad, Ubuntu, Debian
impish Does not exist

jammy Does not exist

precise Does not exist

trusty Does not exist

xenial Ignored
(end of standard support, was needs-triage)
bionic Not vulnerable
(code not present)
focal Ignored
(replaced by linux-raspi)
groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
linux-raspi2-5.3
Launchpad, Ubuntu, Debian
impish Does not exist

jammy Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Not vulnerable
(code not present)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
linux-raspi-5.4
Launchpad, Ubuntu, Debian
impish Does not exist

jammy Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Not vulnerable
(code not present)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
linux-riscv
Launchpad, Ubuntu, Debian
impish Not vulnerable
(5.11.0-1009.9+21.10.1)
jammy Not vulnerable
(5.13.0-1004.4)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable
(code not present)
groovy
Released (5.8.0-25.27)
hirsute
Released (5.11.0-1008.8)
upstream
Released (5.13~rc4)
linux-snapdragon
Launchpad, Ubuntu, Debian
impish Does not exist

jammy Does not exist

precise Does not exist

trusty Does not exist

xenial Ignored
(end of standard support, was needs-triage)
bionic Not vulnerable
(code not present)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
linux-gke
Launchpad, Ubuntu, Debian
impish Does not exist

jammy Not vulnerable
(5.15.0-1002.2)
precise Does not exist

trusty Does not exist

xenial Ignored
(reached end of standard support)
bionic Does not exist

focal Not vulnerable
(5.4.0-1033.35)
groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc4)
linux-ibm
Launchpad, Ubuntu, Debian
impish Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

focal Not vulnerable
(5.4.0-1003.4)
upstream
Released (5.13~rc4)
jammy Not vulnerable
(5.15.0-1002.2)
linux-gcp-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

impish Does not exist

focal Not vulnerable
(5.11.0-1009.10~20.04.1)
upstream
Released (5.13~rc4)
jammy Does not exist

linux-oem-5.14
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

impish Does not exist

focal Not vulnerable
(5.14.0-1004.4)
upstream
Released (5.13~rc4)
jammy Does not exist

linux-intel-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable

hirsute Does not exist

impish Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-azure-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable
(5.13.0-1009.10~20.04.2)
impish Does not exist

upstream
Released (5.13~rc4)
jammy Does not exist

linux-hwe-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

focal Not vulnerable
(5.13.0-21.21~20.04.1)
upstream
Released (5.13~rc4)
jammy Does not exist

linux-aws-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

focal Not vulnerable
(5.13.0-1008.9~20.04.2)
upstream
Released (5.13~rc4)
jammy Does not exist

linux-fips
Launchpad, Ubuntu, Debian
trusty Does not exist

bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

upstream
Released (5.13~rc4)
xenial Not vulnerable
(4.4.0-1073.79)
jammy Does not exist

linux-oracle-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

focal Not vulnerable
(5.13.0-1011.13~20.04.2)
upstream
Released (5.13~rc4)
jammy Does not exist

linux-gcp-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

focal Not vulnerable
(5.13.0-1008.9~20.04.3)
upstream
Released (5.13~rc4)
jammy Does not exist

linux-ibm-5.4
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

bionic Not vulnerable
(5.4.0-1010.11~18.04.2)
upstream
Released (5.13~rc4)
jammy Does not exist

linux-azure-fde
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

focal Not vulnerable
(5.4.0-1063.66+cvm2.2)
upstream
Released (5.13~rc4)
jammy Does not exist

linux-lowlatency
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

impish Does not exist

jammy Not vulnerable

upstream Needs triage

linux-oem-5.17
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

impish Does not exist

jammy Not vulnerable

upstream Needs triage