An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 03:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-03-20 22:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-27170
Mitre link : CVE-2020-27170
CVE.ORG link : CVE-2020-27170
JSON object : View
Products Affected
linux
- linux_kernel
fedoraproject
- fedora
canonical
- ubuntu_linux
debian
- debian_linux
CWE
CWE-203
Observable Discrepancy