cvelistv5 - CVE-2021-3411

CVE-2021-3411 (GCVE-0-2021-3411)

Vulnerability from cvelistv5

Published

2021-03-09 19:08

Modified

2024-08-03 16:53

Severity ?

CWE

CWE-94

Summary

A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

URL

	Vendor	Product	Version
	n/a	Linux kernel	Version: Linux kernel 5.10

fkie_cve-2021-3411

Vulnerability from fkie_nvd

Published

2021-03-09 20:15

Modified

2024-11-21 06:21

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secalert@redhat.com	http://blog.pi3.com.pl/?p=831	Exploit, Patch, Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1928236	Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://blog.pi3.com.pl/?p=831	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1928236	Exploit, Issue Tracking, Third Party Advisory

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	*
	redhat	enterprise_linux	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D61CA62B-157A-4415-B8FD-7C3C1208315D",
              "versionEndExcluding": "5.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en el kernel de Linux en versiones anteriores a 5.10.\u0026#xa0;Se encontr\u00f3 una violaci\u00f3n del acceso a la memoria al detectar un relleno de int3 en el estado de enlace.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema"
    }
  ],
  "id": "CVE-2021-3411",
  "lastModified": "2024-11-21T06:21:26.693",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-09T20:15:13.417",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://blog.pi3.com.pl/?p=831"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://blog.pi3.com.pl/?p=831"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928236"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

msrc_cve-2021-3411

Vulnerability from csaf_microsoft

Published

2021-03-02 00:00

Modified

2021-03-13 00:00

Summary

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2021-3411 A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-3411.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
    "tracking": {
      "current_release_date": "2021-03-13T00:00:00.000Z",
      "generator": {
        "date": "2025-10-19T21:50:22.161Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2021-3411",
      "initial_release_date": "2021-03-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2021-03-13T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0 x64",
                  "product_id": "12137"
                }
              },
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0 ARM",
                  "product_id": "12138"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-16"
        },
        "product_reference": "16",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "13851-12137"
        },
        "product_reference": "13851",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-devel-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-15"
        },
        "product_reference": "15",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "13852-12137"
        },
        "product_reference": "13852",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-drivers-accessibility-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-14"
        },
        "product_reference": "14",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-drivers-accessibility-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "13853-12137"
        },
        "product_reference": "13853",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-drivers-sound-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-13"
        },
        "product_reference": "13",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-drivers-sound-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "13854-12137"
        },
        "product_reference": "13854",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-docs-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-12"
        },
        "product_reference": "12",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-docs-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "13855-12137"
        },
        "product_reference": "13855",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-oprofile-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-11"
        },
        "product_reference": "11",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-oprofile-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "13856-12137"
        },
        "product_reference": "13856",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-tools-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-10"
        },
        "product_reference": "10",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-tools-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "13857-12137"
        },
        "product_reference": "13857",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-debuginfo-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-9"
        },
        "product_reference": "9",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debuginfo-5.10.57.1-1.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "13858-12137"
        },
        "product_reference": "13858",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-8"
        },
        "product_reference": "8",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "13859-12138"
        },
        "product_reference": "13859",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-devel-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-7"
        },
        "product_reference": "7",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "13860-12138"
        },
        "product_reference": "13860",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-drivers-accessibility-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-6"
        },
        "product_reference": "6",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-drivers-accessibility-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "13861-12138"
        },
        "product_reference": "13861",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-drivers-sound-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-5"
        },
        "product_reference": "5",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-drivers-sound-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "13862-12138"
        },
        "product_reference": "13862",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-docs-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-docs-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "13863-12138"
        },
        "product_reference": "13863",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-tools-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-tools-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "13864-12138"
        },
        "product_reference": "13864",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-dtb-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-dtb-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "13865-12138"
        },
        "product_reference": "13865",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ckernel-debuginfo-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debuginfo-5.10.57.1-1.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "13866-12138"
        },
        "product_reference": "13866",
        "relates_to_product_reference": "12138"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3411",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "general",
          "text": "redhat",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "13851-12137",
          "13852-12137",
          "13853-12137",
          "13854-12137",
          "13855-12137",
          "13856-12137",
          "13857-12137",
          "13858-12137",
          "13859-12138",
          "13860-12138",
          "13861-12138",
          "13862-12138",
          "13863-12138",
          "13864-12138",
          "13865-12138",
          "13866-12138"
        ],
        "known_affected": [
          "12137-16",
          "12137-15",
          "12137-14",
          "12137-13",
          "12137-12",
          "12137-11",
          "12137-10",
          "12137-9",
          "12138-8",
          "12138-7",
          "12138-6",
          "12138-5",
          "12138-4",
          "12138-3",
          "12138-2",
          "12138-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-3411 A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-3411.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-13T00:00:00.000Z",
          "details": "-:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "12137-16",
            "12137-15",
            "12137-14",
            "12137-13",
            "12137-12",
            "12137-11",
            "12137-10",
            "12137-9",
            "12138-8",
            "12138-7",
            "12138-6",
            "12138-5",
            "12138-4",
            "12138-3",
            "12138-2",
            "12138-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 6.7,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "12137-16",
            "12137-15",
            "12137-14",
            "12137-13",
            "12137-12",
            "12137-11",
            "12137-10",
            "12137-9",
            "12138-8",
            "12138-7",
            "12138-6",
            "12138-5",
            "12138-4",
            "12138-3",
            "12138-2",
            "12138-1"
          ]
        }
      ],
      "title": "A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
    }
  ]
}

CERTFR-2021-AVI-265

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.10
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 ESM

References

Title

Publication Time

ghsa-wmhx-48c3-f3gj

Vulnerability from github

Published

2022-05-24 17:44

Modified

2022-05-24 17:44

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-3411"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-09T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
  "id": "GHSA-wmhx-48c3-f3gj",
  "modified": "2022-05-24T17:44:02Z",
  "published": "2022-05-24T17:44:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3411"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928236"
    },
    {
      "type": "WEB",
      "url": "http://blog.pi3.com.pl/?p=831"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2021-3411

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2021-3411

Aliases

CVE-2021-3411

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-3411",
    "description": "A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
    "id": "GSD-2021-3411",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-3411.html",
      "https://ubuntu.com/security/CVE-2021-3411",
      "https://linux.oracle.com/cve/CVE-2021-3411.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-3411"
      ],
      "details": "A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
      "id": "GSD-2021-3411",
      "modified": "2023-12-13T01:23:33.988986Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2021-3411",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Linux kernel",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Linux kernel 5.10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-94"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928236",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928236"
          },
          {
            "name": "http://blog.pi3.com.pl/?p=831",
            "refsource": "MISC",
            "url": "http://blog.pi3.com.pl/?p=831"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.10",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-3411"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928236",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928236"
            },
            {
              "name": "http://blog.pi3.com.pl/?p=831",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://blog.pi3.com.pl/?p=831"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-05-21T15:30Z",
      "publishedDate": "2021-03-09T20:15Z"
    }
  }
}

cnvd-2021-19425

Vulnerability from cnvd

Title

Linux kernel内存访问冲突漏洞

Description

Linux kernel是一种计算机操作系统内核，以C语言和汇编语言写成，符合POSIX标准，按GNU通用公共许可证发行。 Linux kernel 5.10之前版本存在内存访问冲突漏洞。攻击者可利用该漏洞影响数据机密性、完整性以及系统可用性。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://ubuntu.com/security/CVE-2021-3411

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-3411

Impacted products

Name
Linux Linux kernel <5.10

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-3411",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-3411"
    }
  },
  "description": "Linux kernel\u662f\u4e00\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\uff0c\u4ee5C\u8bed\u8a00\u548c\u6c47\u7f16\u8bed\u8a00\u5199\u6210\uff0c\u7b26\u5408POSIX\u6807\u51c6\uff0c\u6309GNU\u901a\u7528\u516c\u5171\u8bb8\u53ef\u8bc1\u53d1\u884c\u3002\n\nLinux kernel 5.10\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5185\u5b58\u8bbf\u95ee\u51b2\u7a81\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5f71\u54cd\u6570\u636e\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u4ee5\u53ca\u7cfb\u7edf\u53ef\u7528\u6027\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://ubuntu.com/security/CVE-2021-3411",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-19425",
  "openTime": "2021-03-19",
  "products": {
    "product": "Linux  Linux kernel \u003c5.10"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-3411",
  "serverity": "\u4e2d",
  "submitTime": "2021-03-10",
  "title": "Linux kernel\u5185\u5b58\u8bbf\u95ee\u51b2\u7a81\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-3411 (GCVE-0-2021-3411)

Vulnerability from cvelistv5

fkie_cve-2021-3411

Vulnerability from fkie_nvd

msrc_cve-2021-3411

Vulnerability from csaf_microsoft

CERTFR-2021-AVI-265

Vulnerability from certfr_avis

Solution

ghsa-wmhx-48c3-f3gj

Vulnerability from github

gsd-2021-3411

Vulnerability from gsd

cnvd-2021-19425

Vulnerability from cnvd

Tags

Sightings

Nomenclature