CVE-2021-29154

Advisory lineage Upstream: 0 Downstream: 40
Modified
Published: 08 Apr 2021, 00:00
Last modified:03 Aug 2024, 22:02

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.8 HIGH
v3.1 (nvd)
EPSS Score
0.04% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

08 Apr 2021, 00:00
Published
Vulnerability first disclosed
03 Aug 2024, 22:02
Last Modified
Vulnerability information updated

Description

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.

CVSS Metrics

  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • v2.0HIGHScore: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.04% Percentile: 11%

Techniques & Countermeasures

  • CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')

    The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Affected Systems

  • debiandebian_linux

    9.0

  • fedoraprojectfedora

    33

  • linuxlinux_kernel

    ≥ 3.0, < 4.4.266 | ≥ 4.5, < 4.9.266 | ≥ 4.10, < 4.14.230 | ≥ 4.15, < 4.19.186 | ≥ 4.20, < 5.4.111 | ≥ 5.5, < 5.10.29 | ≥ 5.11, < 5.11.13

  • netappcloud_backup

    na

  • netapph300e

    na

  • netapph300s_firmware

    na

  • netapph410s_firmware

    na

  • netapph500e

    na

  • netapph500s_firmware

    na

  • netapph700e

    na

  • netapph700s_firmware

    na

  • netapphci_management_node

    na

  • netappsolidfire

    na

References (10)