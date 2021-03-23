Vigil@nce - Linux kernel: read-write access via Bpf Verifier Mod32 Truncation

May 2021 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

Impacted products: Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Severity: 2/4.

Consequences: administrator access/rights, data reading, data creation/edition, data deletion.

Provenance: user shell.

Confidence: confirmed by the editor (5/5).

Creation date: 23/03/2021.

DESCRIPTION OF THE VULNERABILITY

An attacker can bypass access restrictions via Bpf Verifier Mod32 Truncation of the Linux kernel, in order to read or alter data.

ACCESS TO THE FULL VIGIL@NCE BULLETIN

