Home > Vulnerability Database > CVE-2021-29154

Mend.io Vulnerability Database

CVE-2021-29154

Good to know:

Date: April 7, 2021

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.

Language: C

Severity Score

7.8

Related Resources (16)

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29154

Url: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049

Url: https://news.ycombinator.com/item?id=26757760

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/

Url: http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html

Url: https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html

Url: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098

Url: https://www.openwall.com/lists/oss-security/2021/04/08/1

Url: https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html

Url: https://access.redhat.com/security/cve/CVE-2021-29154

Url: https://security.netapp.com/advisory/ntap-20210604-0006/

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-29154

Url: https://www.oracle.com/security-alerts/cpujul2022.html

Url: https://security-tracker.debian.org/tracker/CVE-2021-29154

Url: https://www.mend.io/vulnerability-database/CVE-2021-29154

Severity Score

7.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

Top Fix

Upgrade Version

Upgrade to version linux-libc-headers - 5.8;linux-libc-headers - 5.13;linux-yocto - 4.8.26+gitAUTOINC+1c60e003c7_27efc3ba68;linux-yocto - 4.10+gitAUTOINC+805ea440c7_b259a5d744

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-29154

Good to know:

Date: April 7, 2021

Language: C

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?