Exploit code for a critical vulnerability in the Linux kernel's eBPF (Extended Berkeley Packet Filter) subsystem allows privilege escalation on Ubuntu machines

Cybersecurity specialist Manfred Paul revealed details of the code for exploiting a critical vulnerability in the Linux kernel's eBPF subsystem on Ubuntu devices. Tracked as CVE-2021-3490, this is a critical privilege escalation vulnerability that local threat actors could exploit with relative ease.

As some users will recall, Extended Berkeley Packet Filter (eBPF) is a Linux kernel technology that allows programs to run in the kernel without having to change the kernel source code or load additional modules. In other words, it is a lightweight virtual machine within the Linux kernel on which programmers can run BPF bytecode to take advantage of kernel-specific resources.

The flaw was reported to developers through the Zero Day Initiative (ZDI); the report includes a demonstration that user-provided programs are not validated correctly before execution. In addition, security researcher Valentina Palmiotti published a report with the technical details of this vulnerability, along with exploit code for Ubuntu versions 20.10 and 21.04.

Palmiotti demonstrated how to abuse this flaw to trigger a denial of service (DoS) condition and a privilege escalation attack. More technical details are available in the original sources.
