PT-2021-22022 · Linux+1 · Linux Kernel+1

Piotr Krysiuk · Published 2021-09-20 · Updated 2023-08-14 · CVE-2021-38300

CVSS v3.1 · 7.8 · High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.4.10
Description: A flaw in the Linux kernel can cause undesirable machine code to be generated when unprivileged cBPF programs are transformed, enabling the execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.
Recommendations: For Linux kernel versions prior to 5.4.10, update to version 5.4.10 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

Related Identifiers

ALT-PU-2021-2989
ALT-PU-2021-2996
ALT-PU-2021-2998
ALT-PU-2021-3015
ALT-PU-2021-3021
ALT-PU-2021-3022
ALT-PU-2021-3035
ALT-PU-2021-3055
ALT-PU-2021-3067
ALT-PU-2021-3070
ALT-PU-2021-3451
ALT-PU-2021-3458
ALT-PU-2021-3468
ALT-PU-2021-3477
ALT-PU-2021-3563
ALT-PU-2021-3573
ALT-PU-2022-2096
ALT-PU-2023-4894
AZL-6594
CVE-2021-38300
DLA-2941-1
DSA-5096-1
OESA-2021-1379

Affected Products

Alt Linux
Linux Kernel