Lucene search

K
cvelistCanonicalCVELIST:CVE-2021-3600
HistoryJan 08, 2024 - 6:16 p.m.

CVE-2021-3600

2024-01-0818:16:42
canonical
www.cve.org
10
ebpf
linux kernel
bounds tracking
vulnerability
local attacker
arbitrary code

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0

Percentile

5.1%

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.

CNA Affected

[
  {
    "packageName": "linux",
    "product": "linux",
    "vendor": "The Linux Kernel Organization",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git",
    "platforms": [
      "Linux"
    ],
    "versions": [
      {
        "lessThan": "5.11",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0

Percentile

5.1%