CVE-2021-4001: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability (CVE-2021-4001) was discovered in the Linux kernel's eBPF verifier between bpfmapupdateelem and bpfmap_freeze operations due to a missing lock in kernel/bpf/syscall.c. The vulnerability affects Linux kernel versions prior to 5.16 rc2, discovered in late 2021 (NVD, Ubuntu).

The vulnerability stems from a race condition in the eBPF implementation where a missing lock in kernel/bpf/syscall.c allows modification of frozen mapped address space. The issue has a CVSS v3.1 Base Score of 4.1 (Medium) with vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N. The vulnerability is classified as a Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) (NVD).

A local user with special privileges (capsysadmin or cap_bpf) can exploit this vulnerability to modify read-only maps that should be immutable. This could potentially lead to unauthorized modifications of frozen mapped address space, affecting the system's security guarantees (Kernel Patch).

The vulnerability was fixed in Linux kernel version 5.16 rc2 by expanding the use of the map's map->writecnt and converting it into an atomic64 to prevent double freezemutex mutex{un,}lock() pairs. The fix ensures that all pending writes must complete before map content can be used as known constants (Kernel Patch).