CVE-2021-29154
Last modified
CVE-2021-29154 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.. EPSS estimates a 0.94% chance of exploitation in the next 30 days.
Description
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.0, < 4.4.266 |
| Linux | Linux Kernel | >= 4.5, < 4.9.266 |
| Linux | Linux Kernel | >= 4.10, < 4.14.230 |
| Linux | Linux Kernel | >= 4.15, < 4.19.186 |
| Linux | Linux Kernel | >= 4.20, < 5.4.111 |
| Linux | Linux Kernel | >= 5.5, < 5.10.29 |
| Linux | Linux Kernel | >= 5.11, < 5.11.13 |
| Fedoraproject | Fedora | 33 |
| Debian | Debian Linux | 9.0 |
| Netapp | Cloud Backup | All versions |
| Netapp | Hci Management Node | All versions |
| Netapp | Solidfire | All versions |
| Netapp | H300s Firmware | All versions |
| Netapp | H500s Firmware | All versions |
| Netapp | H700s Firmware | All versions |
| Netapp | H300e Firmware | All versions |
| Netapp | H500e Firmware | All versions |
| Netapp | H700e Firmware | All versions |
| Netapp | H410s Firmware | All versions |
References
- http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.htmlThird Party Advisory, VDB Entry
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing List, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlMailing List, Third Party Advisory
- https://news.ycombinator.com/item?id=26757760Issue Tracking, Third Party Advisory
- https://security.netapp.com/advisory/ntap-20210604-0006/Third Party Advisory
- https://www.openwall.com/lists/oss-security/2021/04/08/1Mailing List, Patch, Third Party Advisory
- https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
- http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.htmlThird Party Advisory, VDB Entry
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing List, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlMailing List, Third Party Advisory
- https://news.ycombinator.com/item?id=26757760Issue Tracking, Third Party Advisory
- https://security.netapp.com/advisory/ntap-20210604-0006/Third Party Advisory
- https://www.openwall.com/lists/oss-security/2021/04/08/1Mailing List, Patch, Third Party Advisory
- https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-29154?
How severe is CVE-2021-29154?
How do I fix CVE-2021-29154?
Are you affected by CVE-2021-29154?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST