Security News > 2021 > July > Linux eBPF bug gets root privileges on Ubuntu - Exploit released
A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF that can give an attacker increased privileges on Ubuntu machines.
eBPF is a technology that enables user-supplied programs to run sandboxed inside the operating system's kernel, triggered by a specific event or function.
If properly exploited, a local attacker could get kernel privileges to run arbitrary code on the machine.
Her research into this bug also covers the specifics for triggering the vulnerability to leverage it for elevated privileges and to create a denial-of-service condition on the target system by locking up all available kernel threads.
Porting eBPF to Windows is still an early project that has a lot of development ahead. Palmiotti's research into CVE-2021-3490 was limited to the Linux implementation.
The PoC is designed for Groovy Gorilla kernels 5.8.0-25.26 through 5.8.0-52.58, and Hirsute Hippo kernel version 5.11.0-16.17.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-04 | CVE-2021-3490 | Out-of-bounds Write vulnerability in multiple products The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. | 7.8 |