Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-4950-1:

Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3489)

Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3490)

Billy Jheng Bing-Jhong discovered that the io_uring implementation of the Linux kernel did not properly enforce the MAX_RW_COUNT limit in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3491)

Norbert Slusarek discovered that the CAN ISOTP protocol implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Please note that to address this issue, SF_BROADCAST support was removed temporarily from the CAN ISOTP implementation in Ubuntu 21.04 kernels. (LP: #1927409)
Solution(s)
ubuntu-upgrade-linux-image-5-10-0-1026-oem
ubuntu-upgrade-linux-image-5-11-0-1005-azure
ubuntu-upgrade-linux-image-5-11-0-1006-oracle
ubuntu-upgrade-linux-image-5-11-0-1007-aws
ubuntu-upgrade-linux-image-5-11-0-1007-gcp
ubuntu-upgrade-linux-image-5-11-0-1007-kvm
ubuntu-upgrade-linux-image-5-11-0-1008-raspi
ubuntu-upgrade-linux-image-5-11-0-1008-raspi-nolpae
ubuntu-upgrade-linux-image-5-11-0-17-generic
ubuntu-upgrade-linux-image-5-11-0-17-generic-64k
ubuntu-upgrade-linux-image-5-11-0-17-generic-lpae
ubuntu-upgrade-linux-image-5-11-0-17-lowlatency
ubuntu-upgrade-linux-image-5-8-0-1024-raspi
ubuntu-upgrade-linux-image-5-8-0-1024-raspi-nolpae
ubuntu-upgrade-linux-image-5-8-0-1027-kvm
ubuntu-upgrade-linux-image-5-8-0-1029-oracle
ubuntu-upgrade-linux-image-5-8-0-1031-gcp
ubuntu-upgrade-linux-image-5-8-0-1032-azure
ubuntu-upgrade-linux-image-5-8-0-1033-aws
ubuntu-upgrade-linux-image-5-8-0-53-generic
ubuntu-upgrade-linux-image-5-8-0-53-generic-64k
ubuntu-upgrade-linux-image-5-8-0-53-generic-lpae
ubuntu-upgrade-linux-image-5-8-0-53-lowlatency
ubuntu-upgrade-linux-image-aws
ubuntu-upgrade-linux-image-azure
ubuntu-upgrade-linux-image-gcp
ubuntu-upgrade-linux-image-generic
ubuntu-upgrade-linux-image-generic-64k
ubuntu-upgrade-linux-image-generic-64k-hwe-20-04
ubuntu-upgrade-linux-image-generic-hwe-20-04
ubuntu-upgrade-linux-image-generic-lpae
ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04
ubuntu-upgrade-linux-image-gke
ubuntu-upgrade-linux-image-kvm
ubuntu-upgrade-linux-image-lowlatency
ubuntu-upgrade-linux-image-lowlatency-hwe-20-04
ubuntu-upgrade-linux-image-oem-20-04
ubuntu-upgrade-linux-image-oem-20-04b
ubuntu-upgrade-linux-image-oracle
ubuntu-upgrade-linux-image-raspi
ubuntu-upgrade-linux-image-raspi-nolpae
ubuntu-upgrade-linux-image-virtual
ubuntu-upgrade-linux-image-virtual-hwe-20-04
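
To check a host against the versioned packages listed above, the following added example (not part of the original advisory) compares a `uname -r` release string with the minimum kernel ABI per series and flavour. It assumes the package names map to release strings as `linux-image-5-11-0-17-generic` -> `5.11.0-17-generic`; the function name `kernel_fix_status` and the `FIXED_ABIS` table are constructed for this example.

```shell
#!/bin/sh
# Fixed kernel ABIs transcribed from the versioned "Solution(s)" package names.
# Columns: series, minimum ABI, flavour (mapping from package name is assumed).
FIXED_ABIS='
5.10.0 1026 oem
5.11.0 1005 azure
5.11.0 1006 oracle
5.11.0 1007 aws
5.11.0 1007 gcp
5.11.0 1007 kvm
5.11.0 1008 raspi
5.11.0 1008 raspi-nolpae
5.11.0 17 generic
5.11.0 17 generic-64k
5.11.0 17 generic-lpae
5.11.0 17 lowlatency
5.8.0 1024 raspi
5.8.0 1024 raspi-nolpae
5.8.0 1027 kvm
5.8.0 1029 oracle
5.8.0 1031 gcp
5.8.0 1032 azure
5.8.0 1033 aws
5.8.0 53 generic
5.8.0 53 generic-64k
5.8.0 53 generic-lpae
5.8.0 53 lowlatency
'

# kernel_fix_status RELEASE   (RELEASE looks like 5.11.0-16-generic)
# Prints fixed, needs-upgrade, or unknown (series/flavour not listed on this page).
kernel_fix_status() {
    release=$1
    series=${release%%-*}     # 5.11.0
    rest=${release#*-}        # 16-generic
    abi=${rest%%-*}           # 16
    flavour=${rest#*-}        # generic
    case $abi in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    min=$(printf '%s\n' "$FIXED_ABIS" |
        awk -v s="$series" -v f="$flavour" '$1 == s && $3 == f { print $2 }')
    if [ -z "$min" ]; then echo unknown
    elif [ "$abi" -ge "$min" ]; then echo fixed
    else echo needs-upgrade
    fi
}

# Check the release given as the first argument, or the running kernel.
kernel_fix_status "${1:-$(uname -r)}"
```

`uname -r` reports the running kernel, so a host that has installed the update but not yet rebooted into it still reports `needs-upgrade`.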
References
USN-4948-1
USN-4949-1
USN-4950-1
CVE-2021-3490