Benedict Schlueter

Name of the Vulnerable Software and Affected Versions: Gramine versions prior to a390e33e16ed374a40de2344562a937f289be2e1 Description: The issue is related to an interface vulnerability due to mismatching software signals versus hardware exceptions. This occurs because the software signals do not properly match the hardware exceptions, leading to a vulnerability. Recommendations: For Gramine versions prior to a390e33e16ed374a40de2344562a937f289be2e1, consider updating to a version that includes the necessary fixes to address the interface vulnerability. As a temporary workaround, review and adjust the signal handling mechanisms to ensure proper matching of software signals with hardware exceptions. However, since the exact fix version is not specified, the best course of action would be to wait for an official update from the developers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions up to 5.13.7 **Description** The issue allows an unprivileged BPF program to obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This is possible because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. The vulnerability can be exploited to read parts of the kernel memory. **Recommendations** For Linux kernel versions up to 5.13.7, update to a version later than 5.13.7 to resolve the issue. As a temporary workaround, consider restricting the use of BPF programs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.12.13 **Description** The issue is related to a branch misprediction in the Linux kernel's eBPF subsystem, which can be exploited via a side-channel attack, allowing an unprivileged BPF program to read arbitrary memory locations. This vulnerability is connected to type confusion and can be used to bypass protection against Spectre-class attacks, potentially leading to unauthorized access to protected information. The exploitation requires manipulating BPF programs to generate specific instructions that can lead to speculative execution and memory leakage through side channels. **Recommendations** For Linux kernel versions prior to 5.12.13, update to version 5.12.13 or later to resolve the issue. As a temporary workaround, consider restricting the use of the eBPF subsystem until a patch is applied. Avoid using BPF programs that can be manipulated to generate instructions leading to speculative execution and memory leakage.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.12.1 **Description** The issue is related to the Linux kernel's BPF subsystem, which has weaknesses in its authorization mechanism. This can allow an attacker to gain unauthorized access to protected information. Specifically, the kernel/bpf/verifier.c in the Linux kernel performs undesirable speculative loads, leading to the disclosure of stack content via side-channel attacks. The BPF stack area is not protected against speculative loads, and it can contain uninitialized data that might represent sensitive information previously operated on by the kernel. **Recommendations** For Linux kernel versions through 5.12.1, consider updating to a version that addresses the issue with speculative loads in the BPF subsystem to prevent unauthorized access to sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.11.x **Description** An issue in the Linux kernel allows for undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks. This can defeat Spectre mitigations and obtain sensitive information from kernel memory. The issue is related to the `kernel/bpf/verifier.c` component and involves the incorrect accounting of pointer modification during sequences of pointer arithmetic operations. **Recommendations** For Linux kernel versions through 5.11.x, consider applying a patch or update that addresses the issue in `kernel/bpf/verifier.c` to prevent out-of-bounds speculation on pointer arithmetic. As a temporary workaround, consider restricting access to sensitive kernel memory or disabling the `verifier.c` component until a patch is available.