CVE-2021-3600
Severity
7.8HIGH
EPSS
0.2%
top 63.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 8
Description
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0
Affected Packages11 packages
Also affects: Ubuntu Linux 14.04, 16.04, 18.04, Enterprise Linux 8.0, Fedora 34
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-769h-g9v6-cwg7: It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div↗2024-01-08
CVEList▶
CVE-2021-3600: It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div↗2024-01-08
OSV▶
CVE-2021-3600: It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div↗2024-01-08
OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2021-06-23
💥Exploits & PoCs
1Nuclei▶
Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass