In the Linux kernel through 5.13.7 an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.

...

MGASA-2021-0397 Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.56 and fixes at least the following security issues: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism...

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2021-60511)

Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based distributed operating system. Huawei HarmonyOS suffers from a denial-of-service vulnerability that can be exploited by local attackers to cause a kernel memory leak...

CVE-2021-22424

A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service...

CVE-2021-22417

A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage...

CVE-2021-22424

A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service...

CVE-2021-22417

A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage...

Code injection

A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage...

Memory corruption

A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service...

CVE-2021-22417

CVE-2021-22417 affects HarmonyOS; a component suffers Data Processing Errors that can allow local attackers to cause kernel memory leakage. Documented impact includes LOCAL access with high availability impact, but concrete details on affected versions, exploitation specifics, and fixes are not p...

CVE-2021-22417

A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage...

AZL-6566 CVE-2021-34556 affecting package kernel for versions less than 5.10.78.1-1

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack...

DEBIAN-CVE-2021-34556

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack...

UBUNTU-CVE-2021-34556

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack...

CVE-2021-35477

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled...

DEBIAN-CVE-2021-35477

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled...

UBUNTU-CVE-2021-35477

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled...

CVE-2021-34556

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 5.13.7 and earlier versions that allows an attacker to obtain sensitive information from kernel memory...

ASB-A-175193031

In futexsetuptimer and related functions of futex.c, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...