CVE-2021-33624 - log

CVE-2021-33624 edited at 23 Jun 2021 19:04:29
Description
- The Linux kernel BPF subsystem's protection against speculative execution attacks (Spectre mitigation) can be bypassed. On affected systems, an unprivileged BPF program can exploit this vulnerability to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel.
+ In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.
References
https://www.openwall.com/lists/oss-security/2021/06/21/1
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d203b0fd863a2261e5d00b97f3d060c4c2a6db71
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fe9a5ca7e370e613a9a75a13008a3845ea759d6e
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9183671af6dbf60a1219371d4ed73e23f43b49db
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=973377ffe8148180b2651825b92ae91988141b05
+ https://www.usenix.org/conference/usenixsecurity21/presentation/kirzner
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.13&id=408a4956acde24413f3c684912b1d3e404bed8e2
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.13&id=68a1936e1812653b68c5b68e698d88fb35018835
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.13&id=4a99047ed51c98a09a537fe2c12420d815dfe296
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.46&id=e9d271731d21647f8f9e9a261582cf47b868589a
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.46&id=8c82c52d1de931532200b447df8b4fc92129cfd9
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.46&id=5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b
CVE-2021-33624 edited at 21 Jun 2021 15:10:20
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ The Linux kernel BPF subsystem's protection against speculative execution attacks (Spectre mitigation) can be bypassed. On affected systems, an unprivileged BPF program can exploit this vulnerability to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel.
References
+ https://www.openwall.com/lists/oss-security/2021/06/21/1
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d203b0fd863a2261e5d00b97f3d060c4c2a6db71
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fe9a5ca7e370e613a9a75a13008a3845ea759d6e
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9183671af6dbf60a1219371d4ed73e23f43b49db
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=973377ffe8148180b2651825b92ae91988141b05
CVE-2021-33624 created at 21 Jun 2021 15:08:42
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes