Out-of-bounds Read Affecting bpftool package, versions *
Threat Intelligence
EPSS
0.06% (26th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS7-BPFTOOL-2026491
- published 14 Sep 2021
- disclosed 1 Sep 2021
Introduced: 1 Sep 2021
CVE-2021-3753 Open this link in a new tabHow to fix?
There is no fixed version for Centos:7 bpftool.
NVD Description
Note: Versions mentioned in the description apply only to the upstream bpftool package and not the bpftool package as distributed by Centos.
See How to fix? for Centos:7 relevant fixed versions and status.
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
References
- https://access.redhat.com/security/cve/CVE-2021-3753
- https://bugzilla.redhat.com/show_bug.cgi?id=1999589
- https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7
- https://security.netapp.com/advisory/ntap-20221028-0003/
- https://www.openwall.com/lists/oss-security/2021/09/01/4
CVSS Scores
version 3.1