Spawn elevated Pneuma via CVE-2021-3490 (eBPF)

Spawn a beacon using the eBPF vulnerability identified in CVE-2021-3490. The eBPF ALU32 bounds tracking for bitwise operations (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out-of-bounds reads and writes in the Linux kernel and, therefore, arbitrary code execution.

Test this TTP

Test this TTP using one of our Operator chains
eBPF CVE-2021-3490


Elevate an unprivileged user to root privileges via CVE-2021-3490 (eBPF) exploitation.