CVE-2021-3600
kernel: eBPF 32-bit source register truncation on div/mod
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.
Se descubrió que la implementación de eBPF en el kernel de Linux no rastreaba adecuadamente la información de límites para registros de 32 bits al realizar operaciones div y mod. Un atacante local podría usar esto para posiblemente ejecutar código arbitrario.
A flaw was found in the Linux kernel’s eBPF verification code, where the eBPF 32-bit div/mod source register truncation could lead to out-of-bounds reads and writes. By default, accessing the eBPF verifier is only possible to privileged users with CAP_SYS_ADMIN. This flaw allows a local user who can run eBPF instructions to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-06-12 CVE Reserved
- 2021-06-23 CVE Published
- 2024-01-10 EPSS Updated
- 2024-09-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600 | Issue Tracking | |
| https://ubuntu.com/security/notices/USN-5003-1 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 | 2024-01-11 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2021-3600 | 2021-11-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1981954 | 2021-11-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.14 < 4.19.206 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 < 4.19.206" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.20 < 5.4.98 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.98" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.5 < 5.10.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.10.16" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.11 Search vendor "Linux" for product "Linux Kernel" and version "5.11" | rc1 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.11 Search vendor "Linux" for product "Linux Kernel" and version "5.11" | rc2 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.11 Search vendor "Linux" for product "Linux Kernel" and version "5.11" | rc3 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.11 Search vendor "Linux" for product "Linux Kernel" and version "5.11" | rc4 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.11 Search vendor "Linux" for product "Linux Kernel" and version "5.11" | rc5 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.11 Search vendor "Linux" for product "Linux Kernel" and version "5.11" | rc6 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.11 Search vendor "Linux" for product "Linux Kernel" and version "5.11" | rc7 |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | esm |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||