CVE-2021-29154

Name
CVE-2021-29154
Description
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Mailing List https://www.openwall.com/lists/oss-security/2021/04/08/1
Issue Tracking https://news.ycombinator.com/item?id=26757760
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/
MISC http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20210604-0006/
MLIST https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
MLIST https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
cve@mitre.org https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049
cve@mitre.org https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/
Third Party Advisory https://www.oracle.com/security-alerts/cpujul2022.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= None <= 5.11.12
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 3.0 < 4.4.266
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 4.5 < 4.9.266
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 4.10 < 4.14.230
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 4.15 < 4.19.186
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 4.20 < 5.4.111
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 5.5 < 5.10.29
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 5.11 < 5.11.13

Vulnerable and fixed packages

Source package Branch Version Maintainer Status