How severe is CVE-2021-3444?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2021-3444?

This is classified as CWE-681, which is a common weakness in software security.

CVE-2021-3444 - HIGH Severity | CVSS 7.8

Vulnerability Description

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.

Related Vulnerabilities

CVE-2007-4268

HIGH

CVSS:7.8(High)

Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which sa...

CWE-6812007

CVE-2007-4988

HIGH

CVSS:7.8(High)

Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers ...

CWE-6812007

CVE-2008-3282

HIGH

CVSS:7.8(High)

Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a deni...

CWE-6812008

CVE-2017-7308

HIGH

CVSS:7.8(High)

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (int...

CWE-6812017

CVE-2019-14563

HIGH

CVSS:7.8(High)

Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-6812019

CVE-2021-32461

HIGH

CVSS:7.8(High)

Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer ov...

CWE-6812021