Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2021-34556

Published: August 2, 2021Last modified: November 8, 2023

Description

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.

Severity score breakdown

ParameterValue
Base score5.5
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactNONE
Availability impactNONE
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Status

ProductReleasePackageStatus
Alpaquita LinuxStreamlinux-ltsUnknown (6.1.33-r0)

References

ON THIS PAGE