The 2021 Pwnie Nominee For Best Privilege Escalation Bug


Researcher Name: Simon Scannell


CVE: CVE-2020-27194

This bug enabled 100% reliable LPE on default configurations of common distros such as Ubuntu, Fedora, etc. It is an issue in the eBPF verifier in the Linux kernel that leads to an Out-Of-Bounds write due to incorrect range calculation.