1. Home
  2. Vulnerabilities
  3. CVE-2021-29155

CVE-2021-29155

CVSS v3.1 5.5 (Medium)
55% Progress
CVSS v2.0 2.1 (Low)
21% Progress
EPSS 0.05 % (20th)
0.05% Progress
Affected Products 3
Advisories 32
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.

Weaknesses
CWE-125
Out-of-bounds Read
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2021-04-20 16:15:10
(3 years ago)
Updated Date
2024-03-25 01:15:50
(5 months ago)

Affected Products

Debian

Fedoraproject

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 5.11.16 version cpe:2.3:o:linux:linux_kernel < 5.11.16

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 32 cpe:2.3:o:fedoraproject:fedora:32
  Fedoraproject Fedora 33 cpe:2.3:o:fedoraproject:fedora:33
  Fedoraproject Fedora 34 cpe:2.3:o:fedoraproject:fedora:34

Configuration #3

    CPE23 From Up To
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0