Add eBPF ALU32 bounds tracking for bitwise ops (CVE-2021-3490) (#91)

bcoles · web-flow · commit 60cf85b349f3 · 2021-08-31T16:43:31.000+02:00
diff --git a/linux-exploit-suggester.sh b/linux-exploit-suggester.sh
@@ -904,6 +904,18 @@ author: GRIMM
 EOF
 )
 
+EXPLOITS[((n++))]=$(cat <<EOF
+Name: ${txtgrn}[CVE-2021-3490]${txtrst} eBPF ALU32 bounds tracking for bitwise ops
+Reqs: pkg=linux-kernel,ver>=5.7,ver<5.12,CONFIG_BPF_SYSCALL=y,sysctl:kernel.unprivileged_bpf_disabled!=1
+Tags: ubuntu=20.04{kernel:5.8.0-(25|26|27|28|29|30|31|32|33|34|35|36|37|38|39|40|41|42|43|44|45|46|47|48|49|50|51|52)-*},ubuntu=21.04{kernel:5.11.0-16-*}
+Rank: 5
+analysis-url: https://www.graplsecurity.com/post/kernel-pwning-with-ebpf-a-love-story
+src-url: https://codeload.github.com/chompie1337/Linux_LPE_eBPF_CVE-2021-3490/zip/main
+Comments: CONFIG_BPF_SYSCALL needs to be set && kernel.unprivileged_bpf_disabled != 1
+author: chompie1337
+EOF
+)
+
 EXPLOITS[((n++))]=$(cat <<EOF
 Name: ${txtgrn}[CVE-2021-22555]${txtrst} Netfilter heap out-of-bounds write
 Reqs: pkg=linux-kernel,ver>=2.6.19,ver<=5.12-rc6
