CVE-2021-3411

Published: Mar 9, 2021Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected (2)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux

1 product

1 product

Enterprise Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.10

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

http://blog.pi3.com.pl/?p=831

Source: secalert@redhat.com

ExploitPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1928236

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

http://blog.pi3.com.pl/?p=831

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1928236

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.