1989212 – (CVE-2021-34556) CVE-2021-34556 kernel: BPF program can obtain sensitive information from kernel memory via a speculative store bypass side-channel attack because of the possibility of uninitialized memory locations on the BPF stack

Bug 1989212 (CVE-2021-34556) - CVE-2021-34556 kernel: BPF program can obtain sensitive information from kernel memory via a speculative store bypass side-channel attack because of the possibility of uninitialized memory locations on the BPF stack

Summary: CVE-2021-34556 kernel: BPF program can obtain sensitive information from kern...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-34556
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1989213 1990228 1990229 1990755 1992588
Blocks:	1989214
TreeView+	depends on / blocked

Reported:	2021-08-02 16:39 UTC by Guilherme de Almeida Suckevicz
Modified:	2022-07-22 11:46 UTC (History)
CC List:	45 users (show)
Fixed In Version:	kernel 5.14-rc4
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Linux kernel, where a BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This issue occurs when the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. The highest threat from this vulnerability is to confidentiality.
Clone Of:
Environment:
Last Closed:	2021-11-08 01:50:56 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2021-08-02 16:39:52 UTC

In the Linux kernel an privileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.

References:
http://www.openwall.com/lists/oss-security/2021/08/01/3
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee

Comment 1 Guilherme de Almeida Suckevicz 2021-08-02 16:40:36 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1989213]

Comment 7 juneau 2021-08-09 19:17:27 UTC

Marking OCP v3-based services affected/ooss, v4 and quay-io affected/delegated.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
bdettelb
bhu
blc
brdeoliv
bskeggs
chwhite
crwood
dhoward
dvlasenk
fhrbata
fpacheco
hdegoede
hkrzesin
jarod
jarodwilson
jeremy
jforbes
jlelli
jonathan
josef
jpazdziora
jshortt
jstancek
jwboyer
kcarcia
kernel-maint
kernel-mgr
lgoncalv
linville
masami256
mchehab
mlangsdo
nmurray
pmatouse
ptalbert
qzhao
rvrbovsk
steved
tomckay
walters
williams