CVE-2021-29155 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Information disclosure
Description	An issue has been discovered in the Linux kernel before version 5.11.16 in the mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation). Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from the kernel memory. This can be abused to extract the contents of the kernel memory via a side-channel. The identified gap is that when protecting sequences of pointer arithmetic operations against speculatively out-of-bounds loads, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.

Group	Package	Affected	Fixed	Severity	Status
AVG-1854	linux-lts	5.10.31-1	5.10.32-1	Medium	Fixed
AVG-1853	linux-zen	5.11.15.zen1-2	5.11.16.zen1-1	Medium	Fixed
AVG-1852	linux-hardened	5.11.15.hardened1-1	5.11.16.hardened1-1	Medium	Fixed
AVG-1851	linux	5.11.15.arch1-2	5.11.16.arch1-1	Medium	Fixed

References
https://www.openwall.com/lists/oss-security/2021/04/18/4 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=4ccdc6c6cae38b91c871293fb0ed8c6845a61b51 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=1611010fa388974b61cd6362c49d3fd1e31e2126 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=af2bb00759b8810ec652a57d73158baf5a7b3a59 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=4aa1f14c519b96c66b63fb16122d6c3a04680bc6 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=5cba7ca00dae28bec6e13684b7a0ec83c64cd72e https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=8a39972ed3cec42163abc71787d7fc11bf316c78 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=4f3ff11204eac0ee23acf64deecb3bad7b0db0c6 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=589fd9684dfafee37c60abde4ca3c0af723be3b3 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=480d875f12424a86fd710e8762ed1e23b7f02572 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=55565c30790839b40311c270a8b1a437ae9b2769 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=7723d3243857ab20f6450cfbbd765d8594e5e308 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=fbe6603e7cabad8a203a764300531e9ca811317a

References

https://www.openwall.com/lists/oss-security/2021/04/18/4
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=4ccdc6c6cae38b91c871293fb0ed8c6845a61b51
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=1611010fa388974b61cd6362c49d3fd1e31e2126
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=af2bb00759b8810ec652a57d73158baf5a7b3a59
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=4aa1f14c519b96c66b63fb16122d6c3a04680bc6
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=5cba7ca00dae28bec6e13684b7a0ec83c64cd72e
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=8a39972ed3cec42163abc71787d7fc11bf316c78
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=4f3ff11204eac0ee23acf64deecb3bad7b0db0c6
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=589fd9684dfafee37c60abde4ca3c0af723be3b3
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=480d875f12424a86fd710e8762ed1e23b7f02572
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=55565c30790839b40311c270a8b1a437ae9b2769
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=7723d3243857ab20f6450cfbbd765d8594e5e308
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=fbe6603e7cabad8a203a764300531e9ca811317a