CVE-2021-46908

Summary

In the Linux kernel, the following vulnerability has been resolved:

bpf: Use correct permission flag for mixed signed bounds arithmetic

We forbid adding unknown scalars with mixed signed bounds due to the spectre v1 masking mitigation. Hence this also needs bypass_spec_v1 flag instead of allow_ptr_leaks.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366 < 4f3ff11204eac0ee23acf64deecb3bad7b0db0c6affected
LinuxLinux2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366 < 4ccdc6c6cae38b91c871293fb0ed8c6845a61b51affected
LinuxLinux2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366 < 9601148392520e2e134936e76788fc2a6371e7beaffected
LinuxLinux5.8affected
LinuxLinux0 < 5.8unaffected
LinuxLinux5.10.32 <= 5.10.*unaffected
LinuxLinux5.11.16 <= 5.11.*unaffected
LinuxLinux5.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References