Check system and kernel settings for CVE-2021-33909 (Sequoia)

Check the net.core.bpf_jit_enable settings (weak BPF functionality implementation which allows further access to kernel assets), kernel.unprivileged_bpf_disable (weakBPF functionality implementation which allows for unprivileged access), and kernel.unprivileged_userns_clone (enables unprivileged user namespaces).
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains


Elevate an unprivileged user to root privileges via CVE-2021-33909 (Sequoia) exploitation.