7.8

CVE-2021-29154

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.0 < 4.4.266
LinuxLinux Kernel Version >= 4.5 < 4.9.266
LinuxLinux Kernel Version >= 4.10 < 4.14.230
LinuxLinux Kernel Version >= 4.15 < 4.19.186
LinuxLinux Kernel Version >= 4.20 < 5.4.111
LinuxLinux Kernel Version >= 5.5 < 5.10.29
LinuxLinux Kernel Version >= 5.11 < 5.11.13
FedoraprojectFedora Version33
DebianDebian Linux Version9.0
NetappCloud Backup Version-
NetappSolidfire Version-
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH300e Firmware Version-
   NetappH300e Version-
NetappH500e Firmware Version-
   NetappH500e Version-
NetappH700e Firmware Version-
   NetappH700e Version-
NetappH410s Firmware Version-
   NetappH410s Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.93% 0.563
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://www.oracle.com/security-alerts/cpujul2022.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/
http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
Third Party Advisory
VDB Entry
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098
https://news.ycombinator.com/item?id=26757760
Third Party Advisory
Issue Tracking
https://security.netapp.com/advisory/ntap-20210604-0006/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/04/08/1
Patch
Third Party Advisory
Mailing List