CVE-2021-29155 - log back

CVE-2021-29155 edited at 21 Apr 2021 14:17:52
Description
- An issue has been discovered in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation). Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from the kernel memory. This can be abused to extract the contents of the kernel memory via a side-channel. The identified gap is that when protecting sequences of pointer arithmetic operations against speculatively out-of-bounds loads, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.
+ An issue has been discovered in the Linux kernel before version 5.11.16 in the mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation). Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from the kernel memory. This can be abused to extract the contents of the kernel memory via a side-channel. The identified gap is that when protecting sequences of pointer arithmetic operations against speculatively out-of-bounds loads, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.
References
https://www.openwall.com/lists/oss-security/2021/04/18/4
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9601148392520e2e134936e76788fc2a6371e7be
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6f55b2f2a1178856c19bbce2f71449926e731914
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24c109bb1537c12c02aeed2d51a347b4d6a9b76e
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b658bbb844e28f1862867f37e8ca11a8e2aa94a3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a6aaece00a57fa6f22575364b3903dfbccf5345d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=073815b756c51ba9d8384d924c5d1c03ca3d1ae4
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f528819334881fd622fdadeddb3f7edaed8b7c9b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=4ccdc6c6cae38b91c871293fb0ed8c6845a61b51
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=1611010fa388974b61cd6362c49d3fd1e31e2126
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=af2bb00759b8810ec652a57d73158baf5a7b3a59
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=4aa1f14c519b96c66b63fb16122d6c3a04680bc6
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=5cba7ca00dae28bec6e13684b7a0ec83c64cd72e
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.16&id=8a39972ed3cec42163abc71787d7fc11bf316c78
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=4f3ff11204eac0ee23acf64deecb3bad7b0db0c6
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=589fd9684dfafee37c60abde4ca3c0af723be3b3
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=480d875f12424a86fd710e8762ed1e23b7f02572
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=55565c30790839b40311c270a8b1a437ae9b2769
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=7723d3243857ab20f6450cfbbd765d8594e5e308
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.32&id=fbe6603e7cabad8a203a764300531e9ca811317a
CVE-2021-29155 edited at 18 Apr 2021 12:43:57
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ An issue has been discovered in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation). Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from the kernel memory. This can be abused to extract the contents of the kernel memory via a side-channel. The identified gap is that when protecting sequences of pointer arithmetic operations against speculatively out-of-bounds loads, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.
References
+ https://www.openwall.com/lists/oss-security/2021/04/18/4
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9601148392520e2e134936e76788fc2a6371e7be
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6f55b2f2a1178856c19bbce2f71449926e731914
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24c109bb1537c12c02aeed2d51a347b4d6a9b76e
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b658bbb844e28f1862867f37e8ca11a8e2aa94a3
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a6aaece00a57fa6f22575364b3903dfbccf5345d
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=073815b756c51ba9d8384d924c5d1c03ca3d1ae4
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f528819334881fd622fdadeddb3f7edaed8b7c9b
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0
CVE-2021-29155 created at 18 Apr 2021 12:39:47
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes