kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:35
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
01 Jan 2022, 18:06
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
First Time |
Debian
Debian debian Linux |
23 Jun 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 May 2021, 18:51
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWCZ6LJLENL2C3URW5ICARTACXPFCFN2/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI7OBCJQDNWMKLBP6MZ5NV4EUTDAMX6Q/ - Mailing List, Third Party Advisory | |
References | (MISC) http://www.openwall.com/lists/oss-security/2021/05/04/4 - Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067f - Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4X2G5YAPYJGI3PFEZZNOTRYI33GOCCZ/ - Mailing List, Third Party Advisory | |
CWE | CWE-863 | |
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
13 May 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 May 2021, 16:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-06 16:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-31829
Mitre link : CVE-2021-31829
CVE.ORG link : CVE-2021-31829
JSON object : View
Products Affected
linux
- linux_kernel
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-863
Incorrect Authorization