CVE-2021-3600

Published: Jan 8, 2024Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.

Affected (16)

Products: Linux: Linux Kernel · Canonical: Ubuntu Linux · Fedoraproject: Fedora · +1 more

Show all products

Linux: Linux Kernel · Canonical: Ubuntu Linux · Fedoraproject: Fedora · Redhat: Enterprise Linux

1 product

1 product

1 product

1 product

Enterprise Linux

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.14.115 to 4.14.308
Linux Linux Kernel	From 4.15 to 4.19.206
Linux Linux Kernel	From 4.20 to 5.4.98
Linux Linux Kernel	From 5.5 to 5.10.16
Linux Linux Kernel	Version 5.11 rc1
Linux Linux Kernel	Version 5.11 rc2
Linux Linux Kernel	Version 5.11 rc3
Linux Linux Kernel	Version 5.11 rc4
Linux Linux Kernel	Version 5.11 rc5
Linux Linux Kernel	Version 5.11 rc6
Linux Linux Kernel	Version 5.11 rc7

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600

Source: security@ubuntu.com

Product

https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90

Source: security@ubuntu.com

Mailing ListPatchVendor Advisory

https://ubuntu.com/security/notices/USN-5003-1

Source: security@ubuntu.com

Third Party Advisory

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

https://ubuntu.com/security/notices/USN-5003-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.