Side-channel Attack
kernel is vulnerable to side-channel attack. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory...
RHEL 8 : kernel-rt (RHSA-2021:4140)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4140 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier
A flaw was found in kernel/bpf/verifier.c in BPF in the Linux kernel. An incorrect limit is enforced for pointer arithmetic operations which can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation. The highest threat from this vulnerability ...
kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory
A vulnerability was discovered in retrieve_ptr_limit in kernel/bpf/verifier.c in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation). In this flaw a local, special user privileged (CAP_SYS_ADMIN) BPF program running on affected systems may bypass the protection,...
Privilege Escalation
kernel is vulnerable to Privilege Escalation. An out-of-bounds read and write in kernel/bpf/verifier.c due to incorrect limits enforcement for pointer arithmetic operations can be abused to escalate privileges to root...
SUSE-SU-2021:2208-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in...
openSUSE 15 Security Update : kernel (openSUSE-SU-2021:0873-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0873-1 advisory. - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on point...
SUSE-SU-2021:2027-1 Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-2464 fixes several issues. The following issues were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). -...
SUSE-SU-2021:1975-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes ...
Scientific Linux Security Update : kernel on SL7.x x86_64 (2021:2314)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:2314-1 advisory. - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362) - kernel: Use after free via PI futex state (CVE-2021-3347) - kernel:...
bpftool, kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2021:2314. An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1899-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1899-1 advisory. - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received...
RHEL 7 : kernel (RHSA-2021:2314)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2314 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Integer overflow in Intel(R)...
SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1891-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1891-1 advisory. - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require th...
SUSE: Security Advisory (SUSE-SU-2021:1574-1)
The remote host is missing an update for the...
RHEL 7 : kernel-rt (RHSA-2021:2316)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2316 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
SUSE: Security Advisory (SUSE-SU-2017:1389-1)
The remote host is missing an update for the...
kernel: Speculation on pointer arithmetic against bpf_context pointer
A flaw was found in the Linux kernel's eBPF verification code. By default, the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions can use the eBPF verifier to abuse a Spectre-like flaw where they can infer all...
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
...