Vulnerability Description
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.0, < 4.4.266 |
| Fedoraproject | Fedora | 33 |
| Debian | Debian Linux | 9.0 |
| Netapp | Cloud Backup | - |
| Netapp | Hci Management Node | - |
| Netapp | Solidfire | - |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H700S Firmware | - |
| Netapp | H700S | - |
| Netapp | H300E Firmware | - |
| Netapp | H300E | - |
| Netapp | H500E Firmware | - |
| Netapp | H500E | - |
| Netapp | H700E Firmware | - |
| Netapp | H700E | - |
| Netapp | H410S Firmware | - |
| Netapp | H410S | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSThird Party AdvisoryVDB Entry
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://news.ycombinator.com/item?id=26757760Issue TrackingThird Party Advisory
- https://security.netapp.com/advisory/ntap-20210604-0006/Third Party Advisory
- https://www.openwall.com/lists/oss-security/2021/04/08/1Mailing ListPatchThird Party Advisory
- https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
- http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSThird Party AdvisoryVDB Entry
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2021-29154?
CVE-2021-29154 is a vulnerability with a CVSS score of 7.8 (HIGH). BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/b...
How severe is CVE-2021-29154?
CVE-2021-29154 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-29154?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Debian Debian Linux, Netapp Cloud Backup, Netapp Hci Management Node.