Wind River Support Network

HomeDefectsLIN1021-2820
Fixed

LIN1021-2820 : Security Advisory - linux - CVE-2021-45402

Created: Feb 13, 2022    Updated: Feb 16, 2022
Resolved Date: Feb 15, 2022
Previous ID: LINCD-8227
Found In Version: 10.21.20.7
Fix Version: 10.21.20.9
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel

Description

The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."

CREATE(Triage):(User=admin) CVE-2021-45402 (https://nvd.nist.gov/vuln/detail/CVE-2021-45402)

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube