CVE-2021-29155

MEDIUM

Linux Kernel < 5.11.16 - Out-of-Bounds Read

Title source: rule

Description

An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.

Exploits (2)

nomisec WORKING POC 3 stars

by benschlueter · poc

https://github.com/benschlueter/CVE-2021-29155

View Code ZIP pw:eip

inthewild WORKING POC

poc

https://github.com/kakashiiiiy/cve-2021-29155

View Code ZIP pw:eip

References (14)

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/

[Vendor Advisory] https://www.kernel.org

[Mailing List, Patch, Third Party Advisory] https://www.openwall.com/lists/oss-security/2021/04/18/4

[Patch] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073815b756c51ba9d8384d924c5d1c03ca3d1ae4

[Patch] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=24c109bb1537c12c02aeed2d51a347b4d6a9b76e

[Patch] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f55b2f2a1178856c19bbce2f71449926e731914

[Patch] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0

[Patch] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9601148392520e2e134936e76788fc2a6371e7be

[Patch] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6aaece00a57fa6f22575364b3903dfbccf5345d

[Patch] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b658bbb844e28f1862867f37e8ca11a8e2aa94a3

[Patch] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f528819334881fd622fdadeddb3f7edaed8b7c9b

Scores

CVSS v3 5.5

EPSS 0.0021

EPSS Percentile 43.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-125

Status published

Affected Products (5)

linux/linux_kernel < 5.11.16

fedoraproject/fedora

fedoraproject/fedora

fedoraproject/fedora

debian/debian_linux

Timeline

Published Apr 20, 2021

Tracked Since Feb 18, 2026