CVE-2021-20320

Published: Feb 18, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.

Affected (7)

Products: Linux: Linux Kernel · Fedoraproject: Fedora · Redhat: Enterprise Linux

1 product

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.15
Linux Linux Kernel	Version 5.15
Linux Linux Kernel	Version 5.15 rc1
Linux Linux Kernel	Version 5.15 rc2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=2010090

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lore.kernel.org/bpf/20210902185229.1840281-1-johan.almbladh%40anyfinetworks.com/

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2010090

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lore.kernel.org/bpf/20210902185229.1840281-1-johan.almbladh%40anyfinetworks.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.