CVE-2021-29154 | Severity.io

Description

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.

Related CPE's

o

linux

linux_kernel

7

Vulnerable

Vulnerable

Vulnerable

hci_management_node

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

References

http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html

Third Party AdvisoryVDB Entry

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098

https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/

https://news.ycombinator.com/item?id=26757760

Issue TrackingThird Party Advisory

https://security.netapp.com/advisory/ntap-20210604-0006/

Third Party Advisory

https://www.openwall.com/lists/oss-security/2021/04/08/1

Mailing ListPatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Third Party Advisory

Weaknesses

[email protected]

Primary

CWE-77

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-08T21:15:13.580

4 years ago

Last modified

2024-03-25T01:15:50.580

1 year ago