CVE-2021-33624 — Type Confusion in Kernel

CWE-843 — Type Confusion CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-203 — Observable Discrepancy20 documents8 sources

Severity

4.7MEDIUMNVD

OSV6.5

EPSS

0.5%

top 35.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Debian Linux +6 more

Timeline

PublishedJun 23

Latest updateMay 24

Description

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages10 packages

▶NVDlinux/linux_kernel< 5.12.13

▶Debianlinux/linux_kernel< 5.10.46-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-88.99

▶msrcmsrc/cm1_kernel_5.10.60.1-1_on_cbl_mariner_1.0

▶msrcmsrc/cbl2_kernel_5.10.78.1-1_on_cbl_mariner_2.0

Also affects: Debian Linux 9.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-w9w3-f8q7-x576: In kernel/bpf/verifier↗2022-05-24

▶

OSV

linux-oem-5.10 vulnerabilities↗2021-10-20

▶

OSV

linux-azure, linux-azure-5.11 regression↗2021-10-18

▶

OSV

linux-azure, linux-azure-5.4 regression↗2021-10-15

▶

OSV

linux-raspi, linux-raspi-5.4 vulnerabilities↗2021-09-30

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OEM) vulnerabilities↗2021-10-20

▶

Ubuntu

Linux kernel (Azure) regression↗2021-10-18

▶

Ubuntu

Linux kernel (Azure) regression↗2021-10-15

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2021-09-30

▶

Ubuntu

Linux kernel vulnerabilities↗2021-09-29

▶

📄Research Papers

arXiv

An Analysis of Speculative Type Confusion Vulnerabilities in the Wild↗2021-07-02

▶