First published: Thu Sep 02 2021
A vulnerability was found in the Linux kernel: a type confusion problem in check_map_func_compatibility() may lead to the freeing of arbitrary kernel memory. References: [kernel commit 5b029a32cfe4600f5e10e36b41778506b90fd4de](https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=5b029a32cfe4600f5e10e36b41778506b90fd4de) and [ZDI-21-1148](https://www.zerodayinitiative.com/advisories/ZDI-21-1148/).
Credit: zdi-disclosures@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/Kernel | <5.14 | 5.14 |
Red Hat Kernel-devel | | |
Linux Kernel | >=5.8, <5.10.62 | |
Linux Kernel | >=5.11, <5.13.14 | |
NetApp H410C | | |
NetApp H410C Firmware | | |
NetApp H300S Firmware | | |
NetApp H500e Firmware | | |
NetApp H700S | | |
NetApp H300E | | |
NetApp H300E Firmware | | |
NetApp H500S Firmware | | |
NetApp H700E | | |
NetApp H410S | | |
NetApp H410S Firmware | | |
CVE-2021-34866 is a vulnerability in the Linux Kernel that allows local attackers to escalate privileges on affected installations.
CVE-2021-34866 has a severity value of 8.8, which is considered high.
CVE-2021-34866 affects Linux Kernel versions 5.8 to 5.10.62, and versions 5.11 to 5.13.14.
To exploit CVE-2021-34866, an attacker must first obtain the ability to execute low-privileged code on the target system.
You can find more information about CVE-2021-34866 at the following references: [ZDI-21-1148](https://www.zerodayinitiative.com/advisories/ZDI-21-1148/) and [NetApp Advisory](https://security.netapp.com/advisory/ntap-20220217-0008/).