ALAS2-2021-1696 --- kernelID: oval:org.secpod.oval:def:1700696 | Date: (C)2021-08-10 (M)2024-04-17 |
Class: PATCH | Family: unix |
A flaw was found in the Linux kernel, where an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This issue occurs when the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. The highest threat from this vulnerability is to confidentiality. A flaw in the Linux kernel allows a privileged BPF program to obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel in the eBPF subsystem A vulnerability was found in the Linux kernel. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory
Product: |
kernel |
python-perf |
perf |