Bug 1989212 (CVE-2021-34556) - CVE-2021-34556 kernel: BPF program can obtain sensitive information from kernel memory via a speculative store bypass side-channel attack because of the possibility of uninitialized memory locations on the BPF stack
Status: NEW
Alias: CVE-2021-34556
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1989213 1990228 1990229 1990755
Blocks: 1989214
Reported: 2021-08-02 16:39 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-09-21 13:39 UTC

Fixed In Version: kernel 5.14-rc4
Doc Text:
A flaw was found in the Linux kernel, where a BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This issue occurs when the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. The highest threat from this vulnerability is to confidentiality.

Description Guilherme de Almeida Suckevicz 2021-08-02 16:39:52 UTC
In the Linux kernel, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.

References:
http://www.openwall.com/lists/oss-security/2021/08/01/3
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee

Comment 1 Guilherme de Almeida Suckevicz 2021-08-02 16:40:36 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1989213]

Comment 7 juneau 2021-08-09 19:17:27 UTC
Marking OCP v3-based services affected/ooss, v4 and quay-io affected/delegated.