Bug 1974456 (CVE-2021-33624)

Summary: CVE-2021-33624 kernel: Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel memory
Product: [Other] Security Response
Reporter: Pedro Sampaio <psampaio>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: acaringi, adscvr, airlied, alciregi, bhu, blc, chwhite, crwood, dvlasenk, hdegoede, hkrzesin, jarod, jarodwilson, jeremy, jforbes, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mlangsdo, nmurray, ptalbert, qzhao, rkeshri, rvrbovsk, steved, walters, wcosta, williams
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: kernel 5.13
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's BPF subsystem, where protection against speculative execution attacks (Spectre mitigation) can be bypassed. The highest threat from this vulnerability is to confidentiality.
Bug Depends On: 1978299, 1978300, 1978301, 1978302, 1974457, 1976848, 1976849
Bug Blocks: 1974458

Description Pedro Sampaio 2021-06-21 18:14:42 UTC
A flaw was found in the Linux kernel's BPF subsystem in sanitize_ptr_alu in kernel/bpf/verifier.c, where protection against speculative execution attacks (Spectre mitigation) can be bypassed. The highest threat from this vulnerability is to confidentiality.

References:

https://www.openwall.com/lists/oss-security/2021/06/21/1

Comment 1 Pedro Sampaio 2021-06-21 18:15:20 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1974457]