CVE-2021-35477

medium

Description

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee

https://www.openwall.com/lists/oss-security/2021/08/01/3

https://lists.fedoraproject.org/archives/list/[email protected]/message/6JKK6XNRZX5BT5QVYOKGVJ2BHFZAP5EX/

https://lists.fedoraproject.org/archives/list/[email protected]/message/565ZS55ZFEN62WVRRORT7R63RXW5F4T4/

https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html

Details

Source: MITRE

Published: 2021-08-02

Updated: 2021-11-11

Type: CWE-203

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

31 total

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 155959 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3972-1) | Nessus | SuSE Local Security Checks | high |
| 155930 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3969-1) | Nessus | SuSE Local Security Checks | high |
| 155910 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3929-1) | Nessus | SuSE Local Security Checks | high |
| 155902 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3935-1) | Nessus | SuSE Local Security Checks | high |
| 155840 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3876-1) | Nessus | SuSE Local Security Checks | high |
| 155824 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3876-1) | Nessus | SuSE Local Security Checks | high |
| 155648 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:3748-1) | Nessus | SuSE Local Security Checks | high |
| 155577 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3723-1) | Nessus | SuSE Local Security Checks | high |
| 155506 | EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-2745) | Nessus | Huawei Local Security Checks | medium |
| 155358 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1477-1) | Nessus | SuSE Local Security Checks | high |
| 155261 | EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2688) | Nessus | Huawei Local Security Checks | high |
| 155222 | Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5137-2) | Nessus | Ubuntu Local Security Checks | high |
| 155119 | EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2713) | Nessus | Huawei Local Security Checks | high |
| 154980 | Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5137-1) | Nessus | Ubuntu Local Security Checks | high |
| 154975 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1460-1) | Nessus | SuSE Local Security Checks | high |
| 154279 | Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5115-1) | Nessus | Ubuntu Local Security Checks | high |
| 154133 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3415-1) | Nessus | SuSE Local Security Checks | high |
| 153799 | Ubuntu 20.04 LTS / 21.04 : Linux kernel vulnerabilities (USN-5092-2) | Nessus | Ubuntu Local Security Checks | high |
| 153789 | Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5096-1) | Nessus | Ubuntu Local Security Checks | high |
| 153770 | Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5092-1) | Nessus | Ubuntu Local Security Checks | high |
| 153627 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:3207-1) | Nessus | SuSE Local Security Checks | high |
| 153625 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:3206-1) | Nessus | SuSE Local Security Checks | high |
| 153622 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:3205-1) | Nessus | SuSE Local Security Checks | high |
| 153616 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3217-1) | Nessus | SuSE Local Security Checks | high |
| 153598 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3205-1) | Nessus | SuSE Local Security Checks | high |
| 153542 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3179-1) | Nessus | SuSE Local Security Checks | high |
| 153541 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3179-1) | Nessus | SuSE Local Security Checks | high |
| 153540 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3178-1) | Nessus | SuSE Local Security Checks | high |
| 153535 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3177-1) | Nessus | SuSE Local Security Checks | high |
| 153414 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1271-1) | Nessus | SuSE Local Security Checks | high |
| 152238 | Amazon Linux 2 : kernel (ALAS-2021-1696) | Nessus | Amazon Linux Local Security Checks | low |