PT-2021-3403 · Linux+6 · Linux Kernel+6

Published: 2021-02-10 · Updated: 2024-09-04 · CVE-2021-3600

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The eBPF implementation in the Linux kernel does not properly track bounds information for 32-bit registers when performing div and mod operations. This may allow a local attacker to execute arbitrary code. The issue is caused by incorrect truncation of 32-bit registers during these operations, potentially leading to reading and writing data outside the allocated memory area.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

RCE

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2021:4356
BDU:2021-03254
CESA-2021_4140
CESA-2021_4356
CVE-2021-3600
DLA-2785-1
LSN-0079-1
OESA-2021-1279
RHSA-2021:4140
RHSA-2021:4356
RHSA-2021_4140
RHSA-2021_4356
USN-5003-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Linux Kernel
Red Hat
RED OS
Ubuntu