CVE-2021-29154: Command Injection
First published: Tue Apr 06 2021(Updated: )
A flaw was found in the Linux kernels eBPF implementation. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions can abuse a flaw in eBPF to corrupt memory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.41.1.rt56.1181.el7 | 0:3.10.0-1160.41.1.rt56.1181.el7 |
| redhat/kernel | <0:3.10.0-1160.41.1.el7 | 0:3.10.0-1160.41.1.el7 |
| redhat/kernel-rt | <0:4.18.0-372.9.1.rt7.166.el8 | 0:4.18.0-372.9.1.rt7.166.el8 |
| redhat/kernel | <0:4.18.0-372.9.1.el8 | 0:4.18.0-372.9.1.el8 |
| IBM Data Risk Manager | <=2.0.6 | |
| Linux Kernel | >=3.0<4.4.266 | |
| Linux Kernel | >=4.5<4.9.266 | |
| Linux Kernel | >=4.10<4.14.230 | |
| Linux Kernel | >=4.15<4.19.186 | |
| Linux Kernel | >=4.20<5.4.111 | |
| Linux Kernel | >=5.5<5.10.29 | |
| Linux Kernel | >=5.11<5.11.13 | |
| Red Hat Fedora | =33 | |
| Debian Linux | =9.0 | |
| NetApp Cloud Backup | ||
| NetApp SolidFire & HCI Management Node | ||
| NetApp SolidFire & HCI Storage Node | ||
| All of | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| All of | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700S | ||
| NetApp H700S | ||
| All of | ||
| NetApp H300E | ||
| NetApp H300E Firmware | ||
| All of | ||
| NetApp H500S Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700E | ||
| NetApp H700E | ||
| All of | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H700S | ||
| NetApp H700S | ||
| NetApp H300E | ||
| NetApp H300E Firmware | ||
| NetApp H500S Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H700E | ||
| NetApp H700E | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
Remedy
This issue does not affect most systems by default. An administrator would need to have enabled the BPF JIT to be affected. It can be disabled immediately with the command: # echo 0 > /proc/sys/net/core/bpf_jit_enable Or it can be disabled for all subsequent boots of the system by setting a value in /etc/sysctl.d/44-bpf-jit-disable ## start file ## net.core.bpf_jit_enable=0 ## end file ##
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-29154 https://nvd.nist.gov/vuln/detail/CVE-2021-29154
- https://bugzilla.redhat.com/show_bug.cgi?id=1946684
- https://access.redhat.com/errata/RHSA-2021:3328
- https://access.redhat.com/errata/RHSA-2021:3327
- https://access.redhat.com/errata/RHSA-2022:1975
- https://access.redhat.com/errata/RHSA-2022:1988
- https://access.redhat.com/security/cve/cve-2021-29154
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1947631
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e4d4d456436bfb2fe412ee2cd489f7658449b098
- https://www.openwall.com/lists/oss-security/2021/04/08/1
- https://news.ycombinator.com/item?id=26757760
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/
- http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
- https://security.netapp.com/advisory/ntap-20210604-0006/
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098
- https://launchpad.net/bugs/cve/CVE-2021-29154
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/199609
- https://www.ibm.com/support/pages/node/6497499 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2021-29154
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154
- https://nvd.nist.gov/vuln/detail/CVE-2021-29154
- https://ubuntu.com/security/CVE-2021-29154
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2021-29154?
CVE-2021-29154 is rated as a critical severity vulnerability due to its potential to allow local users to corrupt memory.
How do I fix CVE-2021-29154?
To fix CVE-2021-29154, update your Linux kernel to the specified remedial versions such as 0:3.10.0-1160.41.1.el7 or higher.
Which software is affected by CVE-2021-29154?
CVE-2021-29154 affects various Linux kernel versions and implementations, including Red Hat and Debian distributions.
Who can exploit CVE-2021-29154?
CVE-2021-29154 can be exploited by local users who are able to insert eBPF instructions into the system.
What impact does CVE-2021-29154 have on systems?
The impact of CVE-2021-29154 can lead to potential memory corruption, which could be exploited to gain unauthorized access to system resources.
- collector/redhat-cve
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-29154
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- collector/launchpad-cve
- source/Launchpad
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/trending
- agent/last-modified-date
- agent/source
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/ibm
- canonical/ibm data risk manager
- version/ibm data risk manager/2.0.6
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.0
- version/linux kernel/4.5
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/33
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp solidfire & hci management node
- canonical/netapp solidfire & hci storage node
- canonical/netapp h300s firmware
- canonical/netapp h500e firmware
- canonical/netapp h700s
- canonical/netapp h300e
- canonical/netapp h300e firmware
- canonical/netapp h500s firmware
- canonical/netapp h700e
- canonical/netapp h410s
- canonical/netapp h410s firmware
- package-manager/debian