CVE-2021-31829 — MEDIUM (5.5)

Q: How severe is CVE-2021-31829?

CVE-2021-31829 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-31829?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Debian Debian Linux.

Vulnerability Description

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 5.12.1
Fedoraproject	Fedora	32
Debian	Debian Linux	9.0

Related Weaknesses (CWE)

CWE-863

References

http://www.openwall.com/lists/oss-security/2021/05/04/4Mailing ListPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/04/4Mailing ListPatchThird Party Advisory
https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
http://www.openwall.com/lists/oss-security/2021/05/04/4Mailing ListPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/04/4Mailing ListPatchThird Party Advisory
https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro

FAQ

What is CVE-2021-31829?

CVE-2021-31829 is a vulnerability with a CVSS score of 5.5 (MEDIUM). kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific con...

How severe is CVE-2021-31829?

CVE-2021-31829 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-31829?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Debian Debian Linux.