QwikSec

Security Database

CVE

CWE

Training

CVE-2021-38300

Published: Sep 20, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.openwall.com/lists/oss-security/2021/09/15/5

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20211008-0003/

x_refsource_CONFIRM

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=37cb28ec7d3a36a5bace7063a3dba633ab110f8b

x_refsource_CONFIRM

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.10

x_refsource_CONFIRM

[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.