CVE-2021-33624

Published: 23/06/2021 Updated: 08/08/2023
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1
VMScore: 418
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Summary

In kernel/bpf/verifier.c in the Linux kernel prior to 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.

Vulnerable Product

linux linux kernel

debian debian linux 9.0

Vendor Advisories

A flaw was found in the Linux kernel. This flaw allows attackers to cause a denial of service (soft lockup) by triggering the destruction of a large SEV VM, which requires unregistering many encrypted regions. The highest threat from this vulnerability is to system availability. (CVE-2020-36311) A flaw was found in the Linux kernel's BPF subsystem, ...
A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge (CVE-2020-26558 ...
A flaw was found in the Linux kernel's implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device. (CVE-2020-24586) A flaw was found in the Linux kernel ...
The Linux kernel BPF subsystem's protection against speculative execution attacks (Spectre mitigation) can be bypassed. On affected systems, an unprivileged BPF program can exploit this vulnerability to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel ...

Mailing Lists

oss-sec mailing list archives: [CVE-2021-33624] Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel mem ...

Github Repositories

Proof of Concept for CVE-2021-33624

Compile with: gcc -pthread -o bpf_spectre_type_confusion bpf_spectre_type_confusion.c -Wall -ggdb -std=gnu99
Execute with: (sudo) ./bpf_spectre_type_confusion 1 2 ffffffffa4925620 0x10
where 1 and 2 are CPU threads which run on two distinct hardware cores, ffffffffa4925620 is the target memory we want to leak and 0x10 is the number of bytes to