PT-2021-2498 · Linux+4 · Linux Kernel+4

Piotr Krysiuk

Published

2021-03-17

Updated

2023-05-17

CVE-2020-27171

CVSS v2.0

6.2

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.11.8

Description: An issue in the Linux kernel affects the kernel/bpf/verifier.c file, causing an off-by-one error with a resultant integer underflow. This error leads to out-of-bounds speculation on pointer arithmetic, allowing side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory.

Recommendations: For Linux kernel versions prior to 5.11.8, update to version 5.11.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the kernel/bpf/verifier.c file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-193

Related Identifiers

ALT-PU-2021-1530

ALT-PU-2021-1540

ALT-PU-2021-1869

ALT-PU-2021-1888

ALT-PU-2021-1896

ALT-PU-2022-1240

ALT-PU-2022-1419

ALT-PU-2022-1421

ALT-PU-2023-1814

AZL-6526

BDU:2021-01874

CVE-2020-27171

DLA-2610-1

MGASA-2021-0151

MGASA-2021-0152

OESA-2021-1176

OPENSUSE-SU-2021:0532-1

OPENSUSE-SU-2021:0758-1

OPENSUSE-SU-2021:1975-1

OPENSUSE-SU-2021:1977-1

OPENSUSE-SU-2021_0532-1

OPENSUSE-SU-2021_0758-1

OPENSUSE-SU-2021_1975-1

OPENSUSE-SU-2021_1977-1

SUSE-SU-2021:1175-1

SUSE-SU-2021:1176-1

SUSE-SU-2021:1177-1

SUSE-SU-2021:1210-1

SUSE-SU-2021:1211-1

SUSE-SU-2021:1238-1

SUSE-SU-2021:1573-1

SUSE-SU-2021:1596-1

SUSE-SU-2021:1624-1

SUSE-SU-2021:1625-1

SUSE-SU-2021:1975-1

SUSE-SU-2021:1977-1

USN-4887-1

USN-4890-1

Affected Products

Alt Linux

Linuxmint

Linux Kernel

Suse

Ubuntu

PT-2021-2498 · Linux+4 · Linux Kernel+4

CVE-2020-27171

Weakness Enumeration

Related Identifiers

Affected Products

References · 634