CVE-2021-33624

Source
Severity Medium
Remote No
Type Information disclosure
Description
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2097 | linux-lts | 5.10.45-1 | 5.10.46-1 | Medium | Fixed | |
| AVG-2096 | linux-hardened | 5.12.12.hardened1-1 | 5.12.13.hardened1-1 | Medium | Fixed | |
| AVG-2095 | linux-zen | 5.12.12.zen1-1 | 5.12.13.zen1-1 | Medium | Fixed | |
| AVG-2094 | linux | 5.12.12.arch1-1 | 5.12.13.arch1-1 | Medium | Fixed | |
References
https://www.openwall.com/lists/oss-security/2021/06/21/1
https://www.usenix.org/conference/usenixsecurity21/presentation/kirzner
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.13&id=408a4956acde24413f3c684912b1d3e404bed8e2
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.13&id=68a1936e1812653b68c5b68e698d88fb35018835
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.13&id=4a99047ed51c98a09a537fe2c12420d815dfe296
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.46&id=e9d271731d21647f8f9e9a261582cf47b868589a
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.46&id=8c82c52d1de931532200b447df8b4fc92129cfd9
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.46&id=5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b