eBPF CVE-2021-3490

The eBPF chain first checks the kernel version to establish whether the exploit will run in the environment. If the kernel version is vulnerable, the chain then ingresses the exploit payload and launches a privileged Pneuma agent.

TTPs

Compare Linux kernel versions
Get Linux kernel version
Spawn elevated Pneuma via CVE-2021-3490 (eBPF)

User-Set Custom Variables

  • exploitable.version: 5.11.0-17