A gap has been identified in the Linux kernel mechanism that mitigates speculative out-of-bounds loads (Spectre mitigation) in BPF programs. Unprivileged BPF programs running on affected systems can bypass the protection and perform speculative out-of-bounds loads from any location in kernel memory, which can be abused to extract the contents of kernel memory via a side channel. The gap is that unprivileged BPF programs are allowed to perform pointer arithmetic on particular pointer types that do not define a ptr_limit; pointer arithmetic on such pointer types is therefore not protected against out-of-bounds speculation. The issue is fixed in kernel versions 5.11.8 and 5.10.25.
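The advisory gives a defender two usable facts: the gap is reachable only from unprivileged BPF, and it is closed in 5.11.8 and 5.10.25. The POSIX shell script below is an added example, not part of the advisory or of the kernel project, that turns those facts into a host check: it parses a kernel release string, compares it against the two fixed versions, and, on an affected version, reports whether the `kernel.unprivileged_bpf_disabled` sysctl (a real kernel knob that blocks BPF program loads by unprivileged users) already removes the attack surface. The `bpf_spectre_status` and `kver_parts` function names are the example's own; treating every kernel series other than 5.10 and 5.11 as "unknown" is an assumption made here because the advisory names no other fixed releases.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a kernel's exposure to the
# unprivileged-BPF pointer-arithmetic Spectre gap described above.
#
# Facts taken from the advisory: fixed in 5.11.8 and 5.10.25; the gap is only
# reachable from unprivileged BPF programs.
# Assumption: kernel series other than 5.10.x and 5.11.x are reported as
# "unknown" because the advisory does not list fixed versions for them.

# kver_parts RELEASE -> prints "MAJOR MINOR PATCH" as plain integers.
# Accepts uname -r style strings such as "5.10.24-generic" or "5.11.8-arch1-1".
kver_parts() {
    v=${1%%-*}              # drop distro suffix ("-generic", "-arch1-1", ...)
    v=${v%%+*}              # drop a "+" local-version suffix, if any
    oldifs=$IFS
    IFS=.
    set -- $v               # split on dots into positional parameters
    IFS=$oldifs
    p=${3:-0}
    p=${p%%[!0-9]*}         # keep only the leading digits of the patch level
    [ -n "$p" ] || p=0
    echo "${1:-0} ${2:-0} $p"
}

# bpf_spectre_status RELEASE UNPRIVILEGED_BPF_DISABLED
# Prints exactly one of: fixed | mitigated | vulnerable | unknown
#   fixed      - running a release at or above the advisory's fixed version
#   mitigated  - affected release, but unprivileged BPF loads are disabled
#                (sysctl kernel.unprivileged_bpf_disabled != 0)
#   vulnerable - affected release and unprivileged BPF is still allowed
#   unknown    - series not covered by the advisory (assumption, see above)
bpf_spectre_status() {
    set -- $(kver_parts "$1") "$2"
    major=$1; minor=$2; patch=$3; unpriv_disabled=$4

    fixed_patch=""
    if [ "$major" -eq 5 ] && [ "$minor" -eq 11 ]; then
        fixed_patch=8
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 10 ]; then
        fixed_patch=25
    fi

    if [ -z "$fixed_patch" ]; then
        echo unknown
        return 0
    fi
    if [ "$patch" -ge "$fixed_patch" ]; then
        echo fixed
        return 0
    fi
    # Still on a release the advisory lists as affected. The gap is only
    # reachable through unprivileged BPF, so a non-zero value of
    # kernel.unprivileged_bpf_disabled closes that path until the kernel
    # is updated.
    if [ "$unpriv_disabled" != 0 ]; then
        echo mitigated
    else
        echo vulnerable
    fi
}

# Stand-alone usage: `sh check_bpf_spectre.sh --check-host` inspects this host.
if [ "${1:-}" = "--check-host" ]; then
    running=$(uname -r)
    if [ -r /proc/sys/kernel/unprivileged_bpf_disabled ]; then
        sysctl_val=$(cat /proc/sys/kernel/unprivileged_bpf_disabled)
    else
        sysctl_val=0    # knob absent: assume unprivileged BPF is allowed
    fi
    echo "kernel $running, unprivileged_bpf_disabled=$sysctl_val:" \
         "$(bpf_spectre_status "$running" "$sysctl_val")"
fi
```

The version comparison is deliberately limited to the two series the advisory names; on any other series the script says "unknown" rather than guessing, so a fleet report built on it does not silently mark untested kernels as safe.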