Linux eBPF bug gets root privileges on Ubuntu - Exploit released

submitted by
Style Pass
2021-08-02 10:30:08

A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF (Extended Berkeley Packet Filter) that can give an attacker increased privileges on Ubuntu machines.

The bug is tracked as CVE-2021-3490. It was disclosed in May and is a privilege escalation flaw, so leveraging it requires local access on the target machine.

eBPF is a technology that enables user-supplied programs to run sandboxed inside the operating system’s kernel, triggered by a specific event or function (e.g. system call, network events).

Manfred Paul of the RedRocket CTF team working with Trend Micro's Zero Day Initiative reported the bug. They found that CVE-2021-3490 could be turned into out-of-bounds reads and writes in the kernel.

The issue is that user-supplied programs do not go through a proper validation process before they’re executed. If properly exploited, a local attacker could get kernel privileges to run arbitrary code on the machine.

In a blog post this week, exploit developer Valentina Palmiotti describes the technical details behind CVE-2021-3490 and its exploitation on Ubuntu short-term releases 20.10 (Groovy Gorilla) and 21.04 (Hirsute Hippo).
