CVE-2021-38300
First published: Mon Sep 20 2021(Updated: )
arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux | 4.19.249-2 4.19.289-2 5.10.197-1 5.10.191-1 6.1.66-1 6.1.69-1 6.5.13-1 6.6.9-1 | |
| Linux Linux kernel | >=3.16<4.14.251 | |
| Linux Linux kernel | >=4.15<4.19.211 | |
| Linux Linux kernel | >=4.20<5.4.153 | |
| Linux Linux kernel | >=5.5<5.10.71 | |
| Linux Linux kernel | >=5.11<5.14.10 | |
| Netapp Cloud Backup | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Netapp H300e Firmware | ||
| Netapp H300e | ||
| Netapp H500e Firmware | ||
| Netapp H500e | ||
| Netapp H700e Firmware | ||
| Netapp H700e | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.openwall.com/lists/oss-security/2021/09/15/5
- https://lore.kernel.org/bpf/20210915160437.4080-1-piotras@gmail.com/
- https://security-tracker.debian.org/tracker/CVE-2021-38300
- http://www.openwall.com/lists/oss-security/2021/09/15/5
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.10
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=37cb28ec7d3a36a5bace7063a3dba633ab110f8b
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://security.netapp.com/advisory/ntap-20211008-0003/
- https://www.debian.org/security/2022/dsa-5096
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID is CVE-2021-38300.
What is the severity level of CVE-2021-38300?
The severity level of CVE-2021-38300 is high, with a severity value of 7.8.
Which version of the Linux kernel is affected by CVE-2021-38300?
The Linux kernel versions before 5.4.10 are affected by CVE-2021-38300.
What is the impact of CVE-2021-38300?
CVE-2021-38300 can allow execution of arbitrary code within the kernel context.
Where can I find more information about CVE-2021-38300?
You can find more information about CVE-2021-38300 in the references provided: [Reference 1](https://www.openwall.com/lists/oss-security/2021/09/15/5), [Reference 2](https://lore.kernel.org/bpf/20210915160437.4080-1-piotras@gmail.com/), [Reference 3](https://security-tracker.debian.org/tracker/CVE-2021-38300).
- collector/security-tracker-debian
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/references
- agent/author
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/3.16
- version/linux linux kernel/4.15
- version/linux linux kernel/4.20
- version/linux linux kernel/5.5
- version/linux linux kernel/5.11
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp h410c firmware
- canonical/netapp h410c
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h300e firmware
- canonical/netapp h300e
- canonical/netapp h500e firmware
- canonical/netapp h500e
- canonical/netapp h700e firmware
- canonical/netapp h700e
- canonical/netapp h410s firmware
- canonical/netapp h410s
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0