CVE-2021-3411 — Code Injection in Kernel

CWE-94 — Code Injection8 documents7 sources

Severity

6.7MEDIUMNVD

OSV7.8

EPSS

0.1%

top 70.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Redhat Enterprise Linux +16 more

Timeline

PublishedMar 9

Latest updateMay 24

Description

A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages20 packages

▶NVDlinux/linux_kernel< 5.10

▶Debianlinux/linux_kernel< 5.9.15-1+3

▶CVEListV5linux/linux_kernelLinux kernel 5.10

▶msrcmsrc/kernel-drivers-accessibility-5.10.57.1-1.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64

▶msrcmsrc/kernel-drivers-accessibility-5.10.57.1-1.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm

Also affects: Enterprise Linux 8.0

Patches

Patch: blog.pi3.com.pl ↗Patch: blog.pi3.com.pl ↗

🔴Vulnerability Details

GHSA

GHSA-wmhx-48c3-f3gj: A flaw was found in the Linux kernel in versions prior to 5↗2022-05-24

▶

OSV

linux-oem-5.6 vulnerabilities↗2021-04-13

▶

OSV

CVE-2021-3411: A flaw was found in the Linux kernel in versions prior to 5↗2021-03-09

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OEM) vulnerabilities↗2021-04-13

▶

Microsoft

▶

Debian

CVE-2021-3411: linux - A flaw was found in the Linux kernel in versions prior to 5.10. A violation of m...↗2021

▶

Red Hat

kernel: broken KRETPROBES reports corruption of .text section while running a FTRACE stress tester↗2020-12-11

▶