← Back

CVE-2021-45402

nvd nist
Published: Feb 11, 2022Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."

Affected (6)

Products: Linux: Linux Kernel
Linux
1 product
Linux Kernel
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
Before 5.16
Linux Kernel
Version 5.16 rc1
Linux Kernel
Version 5.16 rc2
Linux Kernel
Version 5.16 rc3
Linux Kernel
Version 5.16 rc4
Linux Kernel
Version 5.16 rc5

Related CWEs

CWE-668
Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (6)

Source: cve@mitre.org
ExploitPatchVendor Advisory
Source: cve@mitre.org
ExploitPatchVendor Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.