Related Vulnerabilities: CVE-2021-29155  

An issue has been discovered in the Linux kernel mechanism that mitigates speculative out-of-bounds loads (Spectre mitigation). Unprivileged BPF programs running on affected systems can bypass the protection and perform speculative out-of-bounds loads from kernel memory. This can be abused to extract the contents of kernel memory via a side channel. The identified gap is that, when protecting sequences of pointer arithmetic operations against speculative out-of-bounds loads, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.

Severity Medium

Remote No

Type Information disclosure


AVG-1785 linux-zen 5.11.15.zen1-2 Medium Vulnerable

AVG-1784 linux-hardened 5.11.14.hardened1-1 Medium Vulnerable

AVG-1783 linux 5.11.15.arch4-2 Medium Vulnerable

AVG-1741 linux-lts 5.10.31-1 Medium Vulnerable

https://www.openwall.com/lists/oss-security/2021/04/18/4
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9601148392520e2e134936e76788fc2a6371e7be
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6f55b2f2a1178856c19bbce2f71449926e731914
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24c109bb1537c12c02aeed2d51a347b4d6a9b76e
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b658bbb844e28f1862867f37e8ca11a8e2aa94a3
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a6aaece00a57fa6f22575364b3903dfbccf5345d
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=073815b756c51ba9d8384d924c5d1c03ca3d1ae4
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f528819334881fd622fdadeddb3f7edaed8b7c9b
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0