5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0005 Low
EPSS
Percentile
14.8%
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs
undesirable speculative loads, leading to disclosure of stack content via
side-channel attacks, aka CID-801c6058d14a. The specific concern is not
protecting the BPF stack area against speculative loads. Also, the BPF
stack can contain uninitialized data that might represent sensitive
information previously operated on by the kernel.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 21.04 | noarch | linux | < 5.11.0-22.23 | UNKNOWN |
ubuntu | 18.04 | noarch | linux | < 4.15.0-151.157 | UNKNOWN |
ubuntu | 20.10 | noarch | linux | < 5.8.0-59.66 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-77.86 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1109.116 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1051.53 | UNKNOWN |
ubuntu | 20.10 | noarch | linux-aws | < 5.8.0-1038.40 | UNKNOWN |
ubuntu | 21.04 | noarch | linux-aws | < 5.11.0-1011.11 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1051.53~18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.8 | < 5.8.0-1038.40~20.04.1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2021-31829
nvd.nist.gov/vuln/detail/CVE-2021-31829
security-tracker.debian.org/tracker/CVE-2021-31829
ubuntu.com/security/notices/USN-4983-1
ubuntu.com/security/notices/USN-4997-1
ubuntu.com/security/notices/USN-4997-2
ubuntu.com/security/notices/USN-4999-1
ubuntu.com/security/notices/USN-5000-1
ubuntu.com/security/notices/USN-5000-2
ubuntu.com/security/notices/USN-5018-1
www.cve.org/CVERecord?id=CVE-2021-31829
www.openwall.com/lists/oss-security/2021/05/04/4
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0005 Low
EPSS
Percentile
14.8%