CVE-2021-3600

HIGH7.8

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations

Published Jan 8, 2024

Modified 1 years ago

No fix available

Details

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.

References

WEBhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600 WEBhttps://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 ADVISORYhttps://ubuntu.com/security/notices/USN-5003-1 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2021-3600

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Ecosystems

Timeline

PublishedJan 8, 2024

ModifiedSep 4, 2024