Vulnerability Details: CVE-2021-29155
Potential exploit
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.
Products affected by CVE-2021-29155
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-29155
- 0.05%: probability of exploitation activity in the next 30 days
- ~17%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-29155
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2021-29155
- The product reads data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-29155
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/
  [SECURITY] Fedora 33 Update: kernel-5.11.16-200.fc33 - package-announce - Fedora Mailing-Lists
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0
  bpf: Tighten speculative pointer arithmetic mask - kernel/git/torvalds/linux.git - Linux kernel source tree
- https://www.kernel.org
  The Linux Kernel Archives (Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/
  [SECURITY] Fedora 34 Update: kernel-5.11.16-300.fc34 - package-announce - Fedora Mailing-Lists
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f55b2f2a1178856c19bbce2f71449926e731914
  bpf: Move off_reg into sanitize_ptr_alu - kernel/git/torvalds/linux.git - Linux kernel source tree
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073815b756c51ba9d8384d924c5d1c03ca3d1ae4
  bpf: Refactor and streamline bounds check into helper - kernel/git/torvalds/linux.git - Linux kernel source tree
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/
  [SECURITY] Fedora 32 Update: kernel-5.11.16-100.fc32 - package-announce - Fedora Mailing-Lists
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
  [SECURITY] [DLA 2690-1] linux-4.19 security update (Mailing List; Third Party Advisory)
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6aaece00a57fa6f22575364b3903dfbccf5345d
  bpf: Improve verifier error messages for users - kernel/git/torvalds/linux.git - Linux kernel source tree
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/
  [SECURITY] Fedora 33 Update: kernel-5.11.16-200.fc33 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9601148392520e2e134936e76788fc2a6371e7be
  bpf: Use correct permission flag for mixed signed bounds arithmetic - kernel/git/torvalds/linux.git - Linux kernel source tree
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b658bbb844e28f1862867f37e8ca11a8e2aa94a3
  bpf: Rework ptr_limit into alu_limit and add common error path - kernel/git/torvalds/linux.git - Linux kernel source tree
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=24c109bb1537c12c02aeed2d51a347b4d6a9b76e
  bpf: Ensure off_reg has no mixed signed bounds for all types - kernel/git/torvalds/linux.git - Linux kernel source tree
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f528819334881fd622fdadeddb3f7edaed8b7c9b
  bpf: Move sanitize_val_alu out of op switch - kernel/git/torvalds/linux.git - Linux kernel source tree
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/
  [SECURITY] Fedora 34 Update: kernel-5.11.16-300.fc34 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/
  [SECURITY] Fedora 32 Update: kernel-5.11.16-100.fc32 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://www.openwall.com/lists/oss-security/2021/04/18/4
  oss-security - [CVE-2021-29155] Linux kernel protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (Mailing List; Patch; Third Party Advisory)