How severe is CVE-2021-34866?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-34866?

This is classified as CWE-843, which is a common weakness in software security.

CVE-2021-34866

HIGH Year: 2021

CVSS v3 Score

8.8

High

CVSS v2 Score

7.2

High

Weakness Type

CWE-843

View all →

Vulnerability Description

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689.

CVE-2011-0611

HIGH

CVSS:8.8(High)

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Re...

CWE-8432011

CVE-2012-4512

HIGH

CVSS:8.8(High)

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "typ...

CWE-8432012

CVE-2016-0985

HIGH

CVSS:8.8(High)

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe A...

CWE-8432016

CVE-2016-1015

HIGH

CVSS:8.8(High)

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection...

CWE-8432016

CVE-2016-4149

HIGH

CVSS:8.8(High)

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack ...

CWE-8432016

CVE-2016-4223

HIGH

CVSS:8.8(High)

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecifie...

CWE-8432016

CVE-2021-34866

Vulnerability Description

Related Vulnerabilities

CVE-2011-0611

CVE-2012-4512

CVE-2016-0985

CVE-2016-1015

CVE-2016-4149

CVE-2016-4223