CVE-2021-29154

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.

Published: Apr 8, 2021
Updated: Nov 16, 2025
CVE: CVE-2021-29154
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	3.0	4.4.266
linux / linux_kernel	4.5	4.9.266
linux / linux_kernel	4.10	4.14.230
linux / linux_kernel	4.15	4.19.186
linux / linux_kernel	4.20	5.4.111
linux / linux_kernel	5.5	5.10.29
linux / linux_kernel	5.11	5.11.13
fedoraproject / fedora	33	33.x
debian / debian_linux	9.0	9.0.x

http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/
https://news.ycombinator.com/item?id=26757760
https://security.netapp.com/advisory/ntap-20210604-0006/
https://www.openwall.com/lists/oss-security/2021/04/08/1
https://www.oracle.com/security-alerts/cpujul2022.html

Vulnerability Database

319,592

CVE-2021-29154

Deep Security Visibility Without the Complexity