QwikSec

Security Database

CVE

CWE

Training

CVE-2021-34556

Published: Aug 2, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c

x_refsource_MISC

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2021/08/01/3

x_refsource_MISC

FEDORA-2021-4d4d3866ca

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-54ee631709

vendor-advisory

x_refsource_FEDORA

[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.