Your submission was sent successfully! Close

CVE-2021-31829

Published: 6 May 2021

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.

From the Ubuntu security team

Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. A local attacker could use this to expose sensitive information (kernel memory).

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
linux-aws-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

groovy Does not exist

hirsute Does not exist

focal
Released (5.8.0-1038.40~20.04.1)
upstream
Released (5.13~rc1)
impish Does not exist

jammy Does not exist

linux-azure-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

groovy Does not exist

hirsute Does not exist

focal
Released (5.8.0-1036.38~20.04.1)
upstream
Released (5.13~rc1)
impish Does not exist

jammy Does not exist

linux-gcp-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc1)
focal
Released (5.8.0-1035.37~20.04.1)
impish Does not exist

jammy Does not exist

linux-oracle-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

groovy Does not exist

hirsute Does not exist

focal
Released (5.8.0-1033.34~20.04.1)
upstream
Released (5.13~rc1)
impish Does not exist

jammy Does not exist

linux-riscv-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

groovy Does not exist

hirsute Does not exist

focal
Released (5.8.0-29.31~20.04.1)
upstream
Released (5.13~rc1)
impish Does not exist

jammy Does not exist

linux
Launchpad, Ubuntu, Debian
hirsute
Released (5.11.0-22.23)
impish Not vulnerable
(5.11.0-20.21+21.10.1)
upstream
Released (5.13~rc1)
precise Ignored
(was needs-triage ESM criteria)
trusty Ignored
(was needed ESM criteria)
xenial Ignored
(was needed ESM criteria)
bionic
Released (4.15.0-151.157)
groovy
Released (5.8.0-59.66)
jammy Not vulnerable
(5.13.0-19.19)
focal
Released (5.4.0-77.86)
linux-hwe-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-77.86~18.04.1)
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-bluefield
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

upstream
Released (5.13~rc1)
focal
Released (5.4.0-1013.16)
impish Does not exist

jammy Does not exist

linux-hwe-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

focal Not vulnerable
(5.11.0-22.23~20.04.1)
upstream
Released (5.13~rc1)
impish Does not exist

jammy Does not exist

linux-riscv-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

focal Not vulnerable
(5.11.0-1015.16~20.04.1)
upstream
Released (5.13~rc1)
impish Does not exist

jammy Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial
Released (4.15.0-151.157~16.04.1)
bionic Ignored
(replaced by linux-hwe-5.4)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-hwe-5.8
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

focal
Released (5.8.0-59.66~20.04.1)
groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Ignored
(superseded by linux-hwe)
bionic Ignored
(superseded by linux-hwe-5.4)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

upstream
Released (5.13~rc1)
linux-lts-trusty
Launchpad, Ubuntu, Debian
impish Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

precise Ignored
(was needs-triage ESM criteria)
jammy Does not exist

upstream
Released (5.13~rc1)
linux-lts-xenial
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Ignored
(was needed ESM criteria)
jammy Does not exist

upstream
Released (5.13~rc1)
linux-kvm
Launchpad, Ubuntu, Debian
impish Not vulnerable
(5.11.0-1009.9+21.10.1)
precise Does not exist

trusty Does not exist

xenial Ignored
(was needed ESM criteria)
bionic
Released (4.15.0-1097.99)
focal
Released (5.4.0-1041.42)
groovy
Released (5.8.0-1030.32)
hirsute
Released (5.11.0-1009.9)
jammy Not vulnerable
(5.13.0-1004.4)
upstream
Released (5.13~rc1)
linux-aws
Launchpad, Ubuntu, Debian
impish Not vulnerable
(5.11.0-1009.9+21.10.1)
upstream
Released (5.13~rc1)
precise Does not exist

trusty Ignored
(was needed ESM criteria)
xenial Ignored
(was needed ESM criteria)
bionic
Released (4.15.0-1109.116)
focal
Released (5.4.0-1051.53)
groovy
Released (5.8.0-1038.40)
hirsute
Released (5.11.0-1011.11)
jammy Not vulnerable
(5.13.0-1005.6)
linux-oem-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable
(5.13.0-1009.10)
hirsute Does not exist

upstream
Released (5.13~rc1)
impish Does not exist

jammy Does not exist

linux-aws-5.0
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-aws-5.3)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-aws-5.3
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-aws-5.4)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-aws-5.4
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic
Released (5.4.0-1051.53~18.04.1)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-aws-hwe
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial
Released (4.15.0-1109.116~16.04.1)
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-azure
Launchpad, Ubuntu, Debian
impish Not vulnerable
(5.11.0-1007.7+21.10.1)
precise Does not exist

xenial
Released (4.15.0-1121.134~16.04.1)
bionic Ignored
(superseded by linux-azure-5.3)
focal
Released (5.4.0-1051.53)
groovy
Released (5.8.0-1036.38)
hirsute
Released (5.11.0-1009.9)
trusty
Released (4.15.0-1121.134~14.04.1)
upstream
Released (5.13~rc1)
jammy Not vulnerable
(5.13.0-1006.7)
linux-aws-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

impish Does not exist

focal Not vulnerable
(5.11.0-1009.9~20.04.2)
upstream
Released (5.13~rc1)
jammy Does not exist

linux-azure-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

impish Does not exist

focal Not vulnerable
(5.11.0-1007.7~20.04.2)
upstream
Released (5.13~rc1)
jammy Does not exist

linux-oracle-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

impish Does not exist

focal Not vulnerable
(5.11.0-1008.8~20.04.1)
upstream
Released (5.13~rc1)
jammy Does not exist

linux-azure-4.15
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

bionic
Released (4.15.0-1121.134)
upstream
Released (5.13~rc1)
jammy Does not exist

linux-azure-5.3
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-azure-5.4)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc1)
jammy Does not exist

linux-azure-5.4
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

bionic
Released (5.4.0-1051.53~18.04.1)
upstream
Released (5.13~rc1)
jammy Does not exist

linux-dell300x
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic
Released (4.15.0-1027.32)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-azure-edge
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-azure-5.3)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-gcp
Launchpad, Ubuntu, Debian
impish Not vulnerable
(5.11.0-1009.10+21.10.1)
upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial
Released (4.15.0-1106.120~16.04.1)
bionic Ignored
(superseded by linux-gcp-5.3)
focal
Released (5.4.0-1046.49)
groovy
Released (5.8.0-1035.37)
hirsute
Released (5.11.0-1011.12)
jammy Not vulnerable
(5.13.0-1005.6)
linux-gcp-4.15
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic
Released (4.15.0-1106.120)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-gcp-5.3
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-gcp-5.4)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-gcp-5.4
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic
Released (5.4.0-1046.49~18.04.1)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc1)
jammy Does not exist

linux-gcp-edge
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-gcp-5.3)
focal Does not exist

groovy Does not exist

hirsute Does not exist

upstream
Released (5.13~rc1)
jammy Does not exist

linux-gke-4.15
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

bionic Ignored
(was needs-triage now end-of-life)
upstream
Released (5.13~rc1)
jammy Does not exist

linux-gke-5.0
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

bionic Ignored
(was needs-triage now end-of-life)
upstream
Released (5.13~rc1)
jammy Does not exist

linux-gke-5.3
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

bionic Ignored
(was needed now end-of-life)
upstream
Released (5.13~rc1)
jammy Does not exist

linux-gke-5.4
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

bionic
Released (5.4.0-1046.48~18.04.1)
upstream
Released (5.13~rc1)
jammy Does not exist

linux-gkeop
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

groovy Does not exist

hirsute Does not exist

focal
Released (5.4.0-1018.19)
jammy Does not exist

upstream
Released (5.13~rc1)
linux-gkeop-5.4
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic
Released (5.4.0-1018.19~18.04.1)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
impish Not vulnerable
(5.11.0-1008.8+21.10.1)
precise Does not exist

trusty Does not exist

xenial
Released (4.15.0-1078.86~16.04.1)
bionic
Released (4.15.0-1078.86)
focal
Released (5.4.0-1048.52)
groovy
Released (5.8.0-1033.34)
hirsute
Released (5.11.0-1010.10)
jammy Not vulnerable
(5.13.0-1008.10)
upstream
Released (5.13~rc1)
linux-oracle-5.0
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-oracle-5.3)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

upstream
Released (5.13~rc1)
linux-oracle-5.3
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-oracle-5.4)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

upstream
Released (5.13~rc1)
linux-oracle-5.4
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

bionic
Released (5.4.0-1048.52~18.04.1)
jammy Does not exist

upstream
Released (5.13~rc1)
linux-oem
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Ignored
(superseded by linux-hwe)
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-oem-5.6
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Ignored
(was needed now end-of-life)
groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-oem-5.10
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

focal
Released (5.10.0-1029.30)
groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-oem-osp1
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-raspi
Launchpad, Ubuntu, Debian
impish Not vulnerable
(5.13.0-1006.7)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

focal
Released (5.4.0-1038.41)
groovy
Released (5.8.0-1029.32)
hirsute
Released (5.11.0-1012.13)
jammy Not vulnerable
(5.13.0-1008.9)
upstream
Released (5.13~rc1)
linux-raspi2
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

focal Ignored
(replaced by linux-raspi)
groovy Does not exist

hirsute Does not exist

bionic
Released (4.15.0-1092.98)
xenial Ignored
(was needs-triage now end-of-life)
jammy Does not exist

upstream
Released (5.13~rc1)
linux-raspi2-5.3
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Ignored
(was needed now end-of-life)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

upstream
Released (5.13~rc1)
linux-raspi-5.4
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic
Released (5.4.0-1038.41~18.04.1)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-riscv
Launchpad, Ubuntu, Debian
impish Not vulnerable
(5.11.0-1010.10+21.10.2)
upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
groovy
Released (5.8.0-29.31)
hirsute
Released (5.11.0-1012.12)
jammy Not vulnerable
(5.13.0-1004.4)
linux-snapdragon
Launchpad, Ubuntu, Debian
impish Does not exist

upstream
Released (5.13~rc1)
precise Does not exist

trusty Does not exist

xenial Ignored
(was needs-triage now end-of-life)
bionic
Released (4.15.0-1109.118)
focal Does not exist

groovy Does not exist

hirsute Does not exist

jammy Does not exist

linux-gke
Launchpad, Ubuntu, Debian
impish Does not exist

precise Does not exist

trusty Does not exist

bionic Does not exist

focal
Released (5.4.0-1046.48)
groovy Does not exist

hirsute Does not exist

jammy Not vulnerable
(5.15.0-1002.2)
upstream
Released (5.13~rc1)
xenial Ignored
(reached end of standard support)
linux-ibm
Launchpad, Ubuntu, Debian
impish Does not exist

trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable
(5.4.0-1003.4)
hirsute Does not exist

upstream
Released (5.13~rc1)
jammy Not vulnerable
(5.15.0-1002.2)
linux-gcp-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable
(5.11.0-1009.10~20.04.1)
hirsute Does not exist

impish Does not exist

upstream
Released (5.13~rc1)
jammy Does not exist

linux-oem-5.14
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

hirsute Does not exist

impish Does not exist

focal Not vulnerable
(5.14.0-1004.4)
upstream
Released (5.13~rc1)
jammy Does not exist

linux-intel-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable

hirsute Does not exist

impish Does not exist

upstream
Released (5.13~rc1)
jammy Does not exist

linux-azure-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable
(5.13.0-1009.10~20.04.2)
impish Does not exist

upstream
Released (5.13~rc1)
jammy Does not exist

linux-hwe-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable
(5.13.0-21.21~20.04.1)
impish Does not exist

upstream
Released (5.13~rc1)
jammy Does not exist

linux-aws-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable
(5.13.0-1008.9~20.04.2)
impish Does not exist

upstream
Released (5.13~rc1)
jammy Does not exist

linux-fips
Launchpad, Ubuntu, Debian
trusty Does not exist

bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

upstream
Released (5.13~rc1)
xenial Ignored
(was needed ESM criteria)
jammy Does not exist

linux-oracle-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

focal Not vulnerable
(5.13.0-1011.13~20.04.2)
upstream
Released (5.13~rc1)
jammy Does not exist

linux-gcp-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

focal Not vulnerable
(5.13.0-1008.9~20.04.3)
upstream
Released (5.13~rc1)
jammy Does not exist

linux-ibm-5.4
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

bionic Not vulnerable
(5.4.0-1010.11~18.04.2)
upstream
Released (5.13~rc1)
jammy Does not exist

linux-azure-fde
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

focal Needed

upstream
Released (5.13~rc1)
jammy Does not exist

linux-lowlatency
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

impish Does not exist

jammy Not vulnerable

upstream Needs triage

linux-oem-5.17
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

impish Does not exist

jammy Not vulnerable

upstream Needs triage