QwikSec

Security Database

CVE

CWE

Training

CVE-2021-31829

Published: May 6, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20210504 [CVE-2021-31829] Linux kernel protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory

mailing-list

x_refsource_MLIST

http://www.openwall.com/lists/oss-security/2021/05/04/4

x_refsource_MISC

https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067f

x_refsource_MISC

FEDORA-2021-9c0276e935

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-5ad5249c43

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-7c085ca697

vendor-advisory

x_refsource_FEDORA

[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.