Home > Vulnerability Database > CVE-2021-31829

Mend.io Vulnerability Database

CVE-2021-31829

Good to know:

Date: May 6, 2021

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.

Language: C

Severity Score

5.5

Related Resources (14)

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZI7OBCJQDNWMKLBP6MZ5NV4EUTDAMX6Q/

Url: http://www.openwall.com/lists/oss-security/2021/05/04/4

Url: https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067f

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VWCZ6LJLENL2C3URW5ICARTACXPFCFN2/

Url: https://access.redhat.com/security/cve/CVE-2021-31829

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI7OBCJQDNWMKLBP6MZ5NV4EUTDAMX6Q/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4X2G5YAPYJGI3PFEZZNOTRYI33GOCCZ/

Url: https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4X2G5YAPYJGI3PFEZZNOTRYI33GOCCZ/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31829

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-31829

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWCZ6LJLENL2C3URW5ICARTACXPFCFN2/

Url: https://security-tracker.debian.org/tracker/CVE-2021-31829

Url: https://www.mend.io/vulnerability-database/CVE-2021-31829

Severity Score

5.5

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version linux-libc-headers - 5.8;linux-libc-headers - 5.13

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-31829

Good to know:

Date: May 6, 2021

Language: C

Severity Score

Related Resources (14)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?