PT-2021-3381 · Linux+6 · Linux Kernel+6

Adam Morrison +3 · Published 2021-06-22 · Updated 2025-11-11 · CVE-2021-33624

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.12.13

Description

The issue is related to a branch misprediction in the Linux kernel's eBPF subsystem, which can be exploited via a side-channel attack, allowing an unprivileged BPF program to read arbitrary memory locations. This vulnerability is connected to type confusion and can be used to bypass protection against Spectre-class attacks, potentially leading to unauthorized access to protected information. The exploitation requires manipulating BPF programs to generate specific instructions that can lead to speculative execution and memory leakage through side channels.

Recommendations

For Linux kernel versions prior to 5.12.13, update to version 5.12.13 or later to resolve the issue. As a temporary workaround, consider restricting the use of the eBPF subsystem until a patch is applied. Avoid using BPF programs that can be manipulated to generate instructions leading to speculative execution and memory leakage.
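One way to triage a host against the recommendations above is shown below, as an added example that is not part of the original advisory. It assumes the `kernel.unprivileged_bpf_disabled` sysctl is the mechanism used to restrict eBPF for unprivileged users, and the function names and verdict labels are illustrative. It compares only the upstream version number, so a distribution kernel with a backported fix still needs checking against the vendor advisories listed under Related Identifiers.

```shell
#!/bin/sh
# Added example (not from the advisory): triage one host for CVE-2021-33624.
FIXED="5.12.13"   # first fixed upstream release, taken from the advisory
SYSCTL=/proc/sys/kernel/unprivileged_bpf_disabled   # assumed restriction knob

# Reduce a release string to its numeric part: "5.10.0-8-amd64" -> "5.10.0"
base_version() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Succeeds when version $1 is older than version $2 (numeric, field by field).
version_lt() {
    va=$(base_version "$1"); vb=$(base_version "$2")
    old_ifs=$IFS; IFS=.
    set -- $va; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $vb; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    if [ "$a1" -ne "$b1" ]; then [ "$a1" -lt "$b1" ]; return; fi
    if [ "$a2" -ne "$b2" ]; then [ "$a2" -lt "$b2" ]; return; fi
    [ "$a3" -lt "$b3" ]
}

# $1 = kernel release (uname -r), $2 = sysctl value, or "absent" if unreadable
assess() {
    if ! version_lt "$1" "$FIXED"; then
        echo "upstream-fixed"   # at or past the fixed release
    elif [ "$2" = "0" ]; then
        echo "exposed"          # old kernel, unprivileged users may load BPF
    else
        echo "restricted"       # old kernel, unprivileged bpf() blocked or absent
    fi
}

# Report for the local host.
state=$(cat "$SYSCTL" 2>/dev/null || echo absent)
echo "$(uname -r): $(assess "$(uname -r)" "$state")"
```

A verdict of `restricted` reflects the temporary workaround only; the kernel update remains the fix.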

Exploit

Fix

Type Confusion

Weakness Enumeration

Related Identifiers

ALSA-2024_2394
ALSA-2025_16880
ALT-PU-2021-2050
ALT-PU-2021-2199
ALT-PU-2021-2315
ALT-PU-2021-2326
ALT-PU-2021-2330
ALT-PU-2021-3481
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
AZL-6564
BDU:2021-03232
CVE-2021-33624
DLA-2785-1
MGASA-2021-0295
MGASA-2021-0296
OESA-2021-1279
OPENSUSE-SU-2021:2305-1
OPENSUSE-SU-2021:2352-1
OPENSUSE-SU-2021:2427-1
OPENSUSE-SU-2021_2305-1
OPENSUSE-SU-2021_2352-1
OPENSUSE-SU-2021_2427-1
SUSE-SU-2021:2303-1
SUSE-SU-2021:2305-1
SUSE-SU-2021:2321-1
SUSE-SU-2021:2324-1
SUSE-SU-2021:2325-1
SUSE-SU-2021:2349-1
SUSE-SU-2021:2352-1
SUSE-SU-2021:2421-1
SUSE-SU-2021:2422-1
SUSE-SU-2021:2426-1
SUSE-SU-2021:2427-1
SUSE-SU-2021_2303-1
SUSE-SU-2021_2305-1
SUSE-SU-2021_2321-1
SUSE-SU-2021_2324-1
SUSE-SU-2021_2325-1
SUSE-SU-2021_2352-1
SUSE-SU-2021_2426-1
USN-5091-1
USN-5091-2
USN-5091-3
USN-5092-1
USN-5092-2
USN-5092-3
USN-5115-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu