Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2021-38300

Good to know:

icon

Date: September 20, 2021

arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.

Language: C

Severity Score

Related Resources (10)

https://nvd.nist.gov/vuln/detail/CVE-2021-38300
https://security-tracker.debian.org/tracker/CVE-2021-38300
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.10
https://people.canonical.com/~ubuntu-security/cve/CVE-2021-38300
http://www.openwall.com/lists/oss-security/2021/09/15/5
https://www.debian.org/security/2022/dsa-5096
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
https://security.netapp.com/advisory/ntap-20211008-0003/
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=37cb28ec7d3a36a5bace7063a3dba633ab110f8b
https://www.mend.io/vulnerability-database/CVE-2021-38300

Severity Score

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

icon

Upgrade Version

Upgrade to version v4.14.251,v4.19.211,v5.4.153,v5.10.71,v5.14.10,v5.15-rc4

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us