CVE-2021-38300

Published: Sep 20, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.

Affected (16)

Products: Linux: Linux Kernel · Netapp: Cloud Backup, H410c Firmware, H300s Firmware, H500s Firmware, H700s Firmware, H300e Firmware, H500e Firmware, H700e Firmware, H410s Firmware · Debian: Debian Linux

1 product

9 products

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.16 to 4.14.251
Linux Linux Kernel	From 4.15 to 4.19.211
Linux Linux Kernel	From 4.20 to 5.4.153
Linux Linux Kernel	From 5.11 to 5.14.10
Linux Linux Kernel	From 5.5 to 5.10.71

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Cloud Backup	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410c Firmware	All versions

Running on/with	Platform Versions
Netapp H410c	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300e Firmware	All versions

Running on/with	Platform Versions
Netapp H300e	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500e Firmware	All versions

Running on/with	Platform Versions
Netapp H500e	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700e Firmware	All versions

Running on/with	Platform Versions
Netapp H700e	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration K

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

References (12)

http://www.openwall.com/lists/oss-security/2021/09/15/5

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.10

Source: cve@mitre.org

Mailing ListVendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=37cb28ec7d3a36a5bace7063a3dba633ab110f8b

Source: cve@mitre.org

ExploitMailing ListPatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20211008-0003/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2022/dsa-5096

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2021/09/15/5