CVE-2021-3600

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.1 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600	Product
https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90	Mailing List Patch Vendor Advisory
https://ubuntu.com/security/notices/USN-5003-1	Third Party Advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600	Product
https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90	Mailing List Patch Vendor Advisory
https://ubuntu.com/security/notices/USN-5003-1	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.11:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.11:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.11:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.11:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.11:rc5::::::
	cpe:2.3:o:linux:linux_kernel:5.11:rc6::::::
	cpe:2.3:o:linux:linux_kernel:5.11:rc7::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::esm:::

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

History

21 Nov 2024, 06:21

Type	Values Removed	Values Added
References	~~() https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600 - Product~~	() https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600 - Product
References	~~() https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 - Mailing List, Patch, Vendor Advisory~~	() https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 - Mailing List, Patch, Vendor Advisory
References	~~() https://ubuntu.com/security/notices/USN-5003-1 - Third Party Advisory~~	() https://ubuntu.com/security/notices/USN-5003-1 - Third Party Advisory

11 Jan 2024, 18:40

Type	Values Removed	Values Added
CPE		cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm::: cpe:2.3:o:linux:linux_kernel:5.11:rc7:::::: cpe:2.3:o:linux:linux_kernel:5.11:rc1:::::: cpe:2.3:o:canonical:ubuntu_linux:18.04::::esm::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.11:rc3:::::: cpe:2.3:o:linux:linux_kernel:5.11:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.11:rc5:::::: cpe:2.3:o:fedoraproject:fedora:34:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm::: cpe:2.3:o:linux:linux_kernel:5.11:rc6:::::: cpe:2.3:o:linux:linux_kernel:5.11:rc4::::::
First Time		Canonical ubuntu Linux Fedoraproject Linux Fedoraproject fedora Redhat enterprise Linux Canonical Redhat Linux linux Kernel
CWE		CWE-787 CWE-125
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~() https://ubuntu.com/security/notices/USN-5003-1 -~~	() https://ubuntu.com/security/notices/USN-5003-1 - Third Party Advisory
References	~~() https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600 -~~	() https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600 - Product
References	~~() https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 -~~	() https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 - Mailing List, Patch, Vendor Advisory

08 Jan 2024, 19:30

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-08 19:15

Updated : 2024-11-21 06:21

NVD link : CVE-2021-3600

Mitre link : CVE-2021-3600

CVE.ORG link : CVE-2021-3600

JSON object : View

Products Affected

fedoraproject

fedora

redhat

enterprise_linux

linux

linux_kernel

canonical

ubuntu_linux

CWE

CWE-125

Out-of-bounds Read

CWE-787

Out-of-bounds Write

7.8 /10