CVE-2021-3600

Related Files

Kernel Live Patch Security Notice LSN-0079-1

Posted Jul 26, 2021

Authored by Benjamin M. Romer

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local

systems | linux

advisories | CVE-2021-33909, CVE-2021-3600

SHA-256 | 85ecff3443cabbbdfd95e276021ce53f9ded3558dc511597031bf1014cb24140

Download | Favorite | View

Ubuntu Security Notice USN-5003-1

Posted Jun 23, 2021

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5003-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local, vulnerability, protocol

systems | linux, ubuntu

advisories | CVE-2021-23133, CVE-2021-3600, CVE-2021-3609

SHA-256 | 454600fca920521d2f7dc91a8be4196b4e4b50958a1a84bbdc3fecdab0e71be6

Download | Favorite | View