CVE-2021-3600
published 2024-01-08CVE-2021-3600: It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | linux | < linux 5.10.19-1 (bookworm) | linux 5.10.19-1 (bookworm) |
| fedoraproject | fedora | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.19-1 | 5.10.19-1 |
| linux | linux_kernel | >= 0 < 5.10.19-1 | 5.10.19-1 |
| linux | linux_kernel | >= 0 < 5.10.19-1 | 5.10.19-1 |
| linux | linux_kernel | >= 0 < 5.10.19-1 | 5.10.19-1 |
| linux | linux_kernel | >= 0 < 4.15.0-147.151 | 4.15.0-147.151 |
| linux | linux_kernel | >= 0 < 4.4.0-212.244 | 4.4.0-212.244 |
| linux | linux_kernel | >= 0 < 4.15.0-151.157 | 4.15.0-151.157 |
| linux | linux_kernel | >= 0 < 5.4.0-80.90 | 5.4.0-80.90 |
| linux | linux_kernel | >= 4.14.115 < 4.14.308 | 4.14.308 |
| linux | linux_kernel | >= 4.15 < 4.19.206 | 4.19.206 |
| linux | linux_kernel | >= 4.20 < 5.4.98 | 5.4.98 |
| linux | linux_kernel | >= 5.5 < 5.10.16 | 5.10.16 |
| redhat | enterprise_linux | — | — |
| the_linux_kernel_organization | linux | < 5.11 | 5.11 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH