Bug 2002750 (CVE-2021-38300) - CVE-2021-38300 kernel: crafting anomalous machine code may lead to arbitrary Kernel code execution
Summary: CVE-2021-38300 kernel: crafting anomalous machine code may lead to arbitrary ...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2021-38300
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2004941
Blocks: 2002751
TreeView+ depends on / blocked
 
Reported: 2021-09-09 15:46 UTC by Marian Rehak
Modified: 2021-09-16 18:21 UTC (History)
45 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. The cBPF JIT compiler may produce machine code with incorrect branches. This flaw allows an unprivileged user to craft anomalous machine code, where the control flow is hijacked to execute arbitrary kernel code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed: 2021-09-16 18:21:18 UTC
Embargoed:

Attachments (Terms of Use)

Description Marian Rehak 2021-09-09 15:46:34 UTC 
The cBPF JIT compiler may produce machine code with incorrect branches, which can be abused to craft anomalous machine code by an unprivileged user, where the control flow is hijacked to execute arbitrary Kernel code.
Comment 2 Guilherme de Almeida Suckevicz 2021-09-16 13:28:17 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2004941]
Comment 4 Product Security DevOps Team 2021-09-16 18:21:18 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-38300
Note You need to log in before you can comment on or make changes to this bug.