CVE-2021-3600 HIGH

Vendor: The Linux Kernel Organization
Product: linux
Published: January 8, 2024
Last update: September 4, 2024

CVSS base score

7.8/10
Attack vector: Local
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32-bit registers when performing div and mod operations. A local attacker could possibly use this to execute arbitrary code.

Key dates

02 Disclosure timeline

January 8, 2024: CVE published
September 4, 2024: Record updated