Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2021-29155

Published: 20/04/2021 Updated: 25/03/2024
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Linux

Vulnerability Summary

An issue exists in the Linux kernel up to and including 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

debian debian linux 9.0

Vendor Advisories

Amazon Linux AMI: ALAS-2021-1503
kernel: refcount leak in llcp_sock_bind() (CVE-2020-25670) kernel: refcount leak in llcp_sock_connect() (CVE-2020-25671) kernel: memory leak in llcp_sock_connect() (CVE-2020-25672) An issue was discovered in the Linux kernel related to mm/gupc and mm/huge_memoryc The get_user_pages (aka gup) implementation, when used for a copy-on-write page, do ...
Red Hat: CVE-2021-29155
No description is available for this CVE ...
Amazon Linux 2: ALAS2-2021-1636
An issue was discovered in the Linux kernel related to mm/gupc and mm/huge_memoryc The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access (CVE-2020-29374) A use-after-free flaw was found in the Linux kernel's SCT ...
Amazon Linux 2: ALAS2KERNEL-5.4-2022-003
A use-after-free flaw was found in the Linux kernel's NFC LLCP protocol implementation in the way the user performs manipulation with an unknown input for the llcp_sock_bind() function This flaw allows a local user to crash or escalate their privileges on the system (CVE-2020-25670) A use-after-free flaw was found in the Linux kernel's NFC LLCP p ...
Amazon Linux 2: ALAS2KERNEL-5.10-2022-001
A use-after-free flaw was found in the Linux kernel's NFC LLCP protocol implementation in the way the user performs manipulation with an unknown input for the llcp_sock_bind() function This flaw allows a local user to crash or escalate their privileges on the system (CVE-2020-25670) A use-after-free flaw was found in the Linux kernel's NFC LLCP p ...
Arch Linux Issues:
An issue has been discovered in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation) Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from the kernel memory This can be abused to extract the contents of the kernel memory via a sid ...

Mailing Lists

Full Disclosure: [CVE-2021-29155] Linux kernel protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> [CVE-2021-29155] Linux kernel protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loa ...

Github Repositories

https://github.com/Kakashiiiiy/CVE-2021-29155

Proof of Concept CVE-2021-29155

This is the Proof Of Concept code for CVE-2021-29155 The range tracking system for pointer arithmetic in the speculative domain was insufficient It was possible to extract kernel data via a sidechannel This is a proof of concept you can read up to 0x5fff bytes out of bounds from the last element of our map onwards This issue was fixxed in 512 gitkernelorg/pub/scm

References

CWE-125https://www.kernel.orghttps://www.openwall.com/lists/oss-security/2021/04/18/4https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9601148392520e2e134936e76788fc2a6371e7behttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f55b2f2a1178856c19bbce2f71449926e731914https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=24c109bb1537c12c02aeed2d51a347b4d6a9b76ehttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b658bbb844e28f1862867f37e8ca11a8e2aa94a3https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6aaece00a57fa6f22575364b3903dfbccf5345dhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073815b756c51ba9d8384d924c5d1c03ca3d1ae4https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f528819334881fd622fdadeddb3f7edaed8b7c9bhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0https://nvd.nist.govhttps://github.com/Kakashiiiiy/CVE-2021-29155https://alas.aws.amazon.com/ALAS-2021-1503.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook