CVE-2021-20320

A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.

Published: Feb 18, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-20320
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	5.15-rc2	5.15-rc2.x
linux / linux_kernel	5.15	5.15.x
linux / linux_kernel	5.15-rc1	5.15-rc1.x
linux / linux_kernel	-	5.15
fedoraproject / fedora	34	34.x
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	8.0	8.0.x

https://bugzilla.redhat.com/show_bug.cgi?id=2010090
https://lore.kernel.org/bpf/20210902185229.1840281-1-johan.almbladh@anyfinetworks.com/
https://lore.kernel.org/bpf/20210902185229.1840281-1-johan.almbladh%40anyfinetworks.com/

Vulnerability Database

CVE-2021-20320