CVE-2021-3600

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-3600
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600 Product
https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 Mailing List Patch Vendor Advisory
https://ubuntu.com/security/notices/USN-5003-1 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.11:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.11:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.11:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.11:rc7:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
History

11 Jan 2024, 18:40

Type Values Removed Values Added
First Time Redhat enterprise Linux
Linux linux Kernel
Canonical
Redhat
Fedoraproject fedora
Fedoraproject
Canonical ubuntu Linux
Linux
References () https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600 - () https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600 - Product
References () https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 - () https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 - Mailing List, Patch, Vendor Advisory
References () https://ubuntu.com/security/notices/USN-5003-1 - () https://ubuntu.com/security/notices/USN-5003-1 - Third Party Advisory
Summary
  • (es) Se descubrió que la implementación de eBPF en el kernel de Linux no rastreaba adecuadamente la información de límites para registros de 32 bits al realizar operaciones div y mod. Un atacante local podría usar esto para posiblemente ejecutar código arbitrario.
CWE CWE-125
CWE-787
CPE cpe:2.3:o:linux:linux_kernel:5.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.11:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.11:rc7:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.11:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.11:rc2:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.11:rc1:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:linux:linux_kernel:5.11:rc6:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

08 Jan 2024, 19:30

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-08 19:15

Updated : 2024-01-11 18:40

NVD link : CVE-2021-3600

Mitre link : CVE-2021-3600

CVE.ORG link : CVE-2021-3600

JSON object : View

Products Affected

canonical

  • ubuntu_linux

linux

  • linux_kernel

fedoraproject

  • fedora

redhat

  • enterprise_linux
CWE
CWE-125

Out-of-bounds Read

CWE-787

Out-of-bounds Write