CVE-2021-29154 - log back

CVE-2021-29154 edited at 10 Apr 2021 19:20:12
Description
- An issue has been discovered in the Linux kernel that can be abused by unprivileged local users to escalate privileges. The issue is with how BPF JIT compilers for some architectures compute branch displacements when generating machine code. This can be abused to craft anomalous machine code and execute it in the Kernel mode, where the control flow is hijacked to execute unsafe code.
+ An issue has been discovered in the Linux kernel up to version 5.11.12 that can be abused by unprivileged local users to escalate privileges. The issue is with how BPF JIT compilers for some architectures compute branch displacements when generating machine code. This can be abused to craft anomalous machine code and execute it in the Kernel mode, where the control flow is hijacked to execute unsafe code.
CVE-2021-29154 edited at 10 Apr 2021 19:15:13
References
https://www.openwall.com/lists/oss-security/2021/04/08/1
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.13&id=b85b10dc8af463b59a732f299ade2612a8b950c9
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.13&id=7f6b5b8e03099559a3c05ce3715c147a1df90bbb
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.29&id=3edb8967d91ecbc4c5eee34a65d4124267327574
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.29&id=faa30969f66e74910e9424214a4a426c2dc249d8
CVE-2021-29154 edited at 08 Apr 2021 22:25:10
Severity
- Unknown
+ Medium
Type
- Unknown
+ Privilege escalation
Description
+ An issue has been discovered in the Linux kernel that can be abused by unprivileged local users to escalate privileges. The issue is with how BPF JIT compilers for some architectures compute branch displacements when generating machine code. This can be abused to craft anomalous machine code and execute it in the Kernel mode, where the control flow is hijacked to execute unsafe code.
- An issue has been discovered in the Linux kernel that can be abused by
- unprivileged local users to escalate privileges.
-
- The issue is with how BPF JIT compilers for some architectures compute
- branch displacements when generating machine code. This can be abused
- to craft anomalous machine code and execute it in the Kernel mode,
- where the control flow is hijacked to execute unsafe code.
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154
+ https://www.openwall.com/lists/oss-security/2021/04/08/1
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049
CVE-2021-29154 edited at 08 Apr 2021 17:10:58
Remote
- Unknown
+ Local
CVE-2021-29154 edited at 08 Apr 2021 17:08:13
Description
+ An issue has been discovered in the Linux kernel that can be abused by
+ unprivileged local users to escalate privileges.
+
+ The issue is with how BPF JIT compilers for some architectures compute
+ branch displacements when generating machine code. This can be abused
+ to craft anomalous machine code and execute it in the Kernel mode,
+ where the control flow is hijacked to execute unsafe code.
References
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154
+ https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098
+ https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049
CVE-2021-29154 created at 08 Apr 2021 17:06:22
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes