QwikSec

Security Database

CVE

CWE

Training

CVE-2021-35477

Published: Aug 2, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.openwall.com/lists/oss-security/2021/08/01/3

x_refsource_MISC

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c

x_refsource_MISC

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee

x_refsource_MISC

FEDORA-2021-4d4d3866ca

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-54ee631709

vendor-advisory

x_refsource_FEDORA

[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2021-35477 - Security Vulnerability | QwikSec