Vulnerabilities > CVE-2021-35477 - Information Exposure Through Discrepancy vulnerability in multiple products

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
linux
fedoraproject
CWE-203

Summary

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.

Vulnerable Configurations

Part Description Count
OS
Linux
3718
OS
Fedoraproject
2

Common Weakness Enumeration (CWE)