CVE-2021-38300

7.8 HIGH

📋 TL;DR

This vulnerability in the Linux kernel's MIPS BPF JIT compiler allows unprivileged users to execute arbitrary code with kernel privileges. It affects Linux systems running on MIPS architecture with kernel versions before 5.4.10. Attackers can exploit this to gain full system control.

💻 Affected Systems

Products:
  • Linux kernel
Versions: All versions before 5.4.10
Operating Systems: Linux distributions running on MIPS architecture
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with MIPS architecture and BPF JIT enabled. Most modern distributions have BPF JIT enabled by default for performance.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with kernel-level code execution leading to persistent root access, data theft, and system destruction.

🟠 Likely Case

Local privilege escalation allowing attackers to gain root privileges on affected systems.

🟢 If Mitigated

Limited impact if proper access controls restrict unprivileged users from executing BPF programs.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to load unprivileged BPF programs. Proof-of-concept code exists in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.4.10 and later

Vendor Advisory: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.10

Restart Required: Yes

Instructions:

1. Update kernel to version 5.4.10 or later
2. Reboot system
3. Verify kernel version with 'uname -r'
4. For distributions: use package manager (apt/yum) to update kernel package

🔧 Temporary Workarounds

Disable BPF JIT for unprivileged users

Platform: Linux

Prevents unprivileged users from using the BPF JIT compiler. Both commands below set the same kernel parameter:

echo 0 > /proc/sys/net/core/bpf_jit_enable
sysctl -w net.core.bpf_jit_enable=0

Restrict BPF system calls

Platform: Linux

Use seccomp or another mechanism to block the bpf() syscall.

Add the bpf() syscall to the seccomp filter rules so that it is blocked.

🧯 If You Can't Patch

  • Implement strict access controls to prevent unprivileged users from executing BPF programs
  • Use security modules like SELinux or AppArmor to restrict BPF capabilities

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and architecture with 'uname -r' and 'uname -m'. If the version is earlier than 5.4.10 and the architecture is MIPS, the system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Verify with 'uname -r' that the kernel version is 5.4.10 or later, and with 'uname -m' that the architecture is MIPS.
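
The version, architecture and JIT checks above, combined into one script; this is an added example, not part of the original advisory. The function names and verdict strings are illustrative, and the comparison uses the upstream version number given on this page, so a distribution kernel that carries a backported fix can still read as older.

```shell
#!/bin/sh
# Added example: the "Check if Vulnerable" decision as testable functions.
# FIXED is the fixed upstream version stated on this page; verdict strings
# and function names are illustrative.
FIXED="5.4.10"

# Numeric value of dotted field $2 of version string $1 (0 if absent).
# "0-42-generic" evaluates to 0 and "10-rc1" to 10, so suffixes are ignored.
ver_field() {
    printf '%s\n' "$1" | awk -F. -v n="$2" '{ print $n + 0 }'
}

# Succeeds when kernel release $1 is strictly older than version $2.
kernel_older_than() {
    for i in 1 2 3; do
        a=$(ver_field "$1" "$i")
        b=$(ver_field "$2" "$i")
        if [ "$a" -lt "$b" ]; then return 0; fi
        if [ "$a" -gt "$b" ]; then return 1; fi
    done
    return 1    # equal versions are not older
}

# $1 = `uname -r`, $2 = `uname -m`, $3 = bpf_jit_enable value ("" if unreadable)
assess() {
    case $2 in
        mips*) ;;                           # mips, mips64, ...
        *) echo "NOT_AFFECTED"; return ;;
    esac
    if ! kernel_older_than "$1" "$FIXED"; then
        echo "PATCHED"
    elif [ "$3" = "0" ]; then
        echo "MITIGATED"                    # JIT off, as in the workaround
    else
        echo "VULNERABLE"                   # JIT on, or state unknown
    fi
}

# Live check on the current host.
jit=$(cat /proc/sys/net/core/bpf_jit_enable 2>/dev/null || true)
echo "$(uname -r) $(uname -m): $(assess "$(uname -r)" "$(uname -m)" "$jit")"
```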

📡 Detection & Monitoring

Log Indicators:

  • Failed BPF program loads
  • Kernel oops or crashes
  • Unexpected privilege escalation attempts

Network Indicators:

  • None - this is a local privilege escalation vulnerability

SIEM Query:

source="kernel" AND ("BPF" OR "bpf_jit") AND ("error" OR "failed" OR "oops")
