{"api_version":"1","generated_at":"2026-04-23T07:57:36+00:00","cve":"CVE-2021-31829","urls":{"html":"https://cve.report/CVE-2021-31829","api":"https://cve.report/api/cve/CVE-2021-31829.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-31829","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-31829"},"summary":{"title":"CVE-2021-31829","description":"kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-05-06 16:15:00","updated_at":"2023-11-07 03:35:00"},"problem_types":["CWE-863"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZI7OBCJQDNWMKLBP6MZ5NV4EUTDAMX6Q/","name":"FEDORA-2021-7c085ca697","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: kernel-5.11.19-200.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2021/05/04/4","name":"http://www.openwall.com/lists/oss-security/2021/05/04/4","refsource":"MISC","tags":[],"title":"oss-security - [CVE-2021-31829] Linux kernel protection of stack pointer against\n speculative pointer arithmetic can be bypassed to leak content of kernel memory","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4X2G5YAPYJGI3PFEZZNOTRYI33GOCCZ/","name":"FEDORA-2021-9c0276e935","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: kernel-5.11.19-100.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VWCZ6LJLENL2C3URW5ICARTACXPFCFN2/","name":"FEDORA-2021-5ad5249c43","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: kernel-tools-5.11.19-300.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWCZ6LJLENL2C3URW5ICARTACXPFCFN2/","name":"FEDORA-2021-5ad5249c43","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: kernel-tools-5.11.19-300.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4X2G5YAPYJGI3PFEZZNOTRYI33GOCCZ/","name":"FEDORA-2021-9c0276e935","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: kernel-5.11.19-100.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067f","name":"https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067f","refsource":"MISC","tags":[],"title":"bpf: Fix leakage of uninitialized bpf stack under speculation · torvalds/linux@801c605 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html","name":"[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2690-1] linux-4.19 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI7OBCJQDNWMKLBP6MZ5NV4EUTDAMX6Q/","name":"FEDORA-2021-7c085ca697","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: kernel-5.11.19-200.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-31829","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31829","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"31829","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"31829","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"31829","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"31829","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"31829","vulnerable":"1","versionEndIncluding":"5.12.1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"31829","vulnerable":"1","versionEndIncluding":"5.12.1:","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-31829","qid":"159306","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9362)"},{"cve":"CVE-2021-31829","qid":"159307","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9363)"},{"cve":"CVE-2021-31829","qid":"159492","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2021-4356)"},{"cve":"CVE-2021-31829","qid":"178679","title":"Debian Security Update for linux-4.19 (DLA 2690-1)"},{"cve":"CVE-2021-31829","qid":"179875","title":"Debian Security Update for linux (CVE-2021-31829)"},{"cve":"CVE-2021-31829","qid":"198402","title":"Ubuntu Security Notification for Linux kernel (OEM) vulnerabilities (USN-4983-1)"},{"cve":"CVE-2021-31829","qid":"198416","title":"Ubuntu Security Notification for Linux kernel vulnerabilities (USN-4997-1)"},{"cve":"CVE-2021-31829","qid":"198417","title":"Ubuntu Security Notification for Linux kernel vulnerabilities (USN-4999-1)"},{"cve":"CVE-2021-31829","qid":"198418","title":"Ubuntu Security Notification for Linux kernel vulnerabilities (USN-5000-1)"},{"cve":"CVE-2021-31829","qid":"198425","title":"Ubuntu Security Notification for Linux kernel (KVM) vulnerabilities (USN-5000-2)"},{"cve":"CVE-2021-31829","qid":"198426","title":"Ubuntu Security Notification for Linux kernel (KVM) vulnerabilities (USN-4997-2)"},{"cve":"CVE-2021-31829","qid":"198459","title":"Ubuntu Security Notification for Linux, Linux-aws, Linux-aws-hwe, Linux-azure, Linux-azure-4.15, Linux-gcp, (USN-5018-1)"},{"cve":"CVE-2021-31829","qid":"239816","title":"Red Hat Update for kernel security (RHSA-2021:4356)"},{"cve":"CVE-2021-31829","qid":"239879","title":"Red Hat Update for kernel-rt (RHSA-2021:4140)"},{"cve":"CVE-2021-31829","qid":"281177","title":"Fedora Security Update for kernel (FEDORA-2021-9c0276e935)"},{"cve":"CVE-2021-31829","qid":"281178","title":"Fedora Security Update for kernel (FEDORA-2021-7c085ca697)"},{"cve":"CVE-2021-31829","qid":"281179","title":"Fedora Security Update for kernel (FEDORA-2021-5ad5249c43)"},{"cve":"CVE-2021-31829","qid":"352366","title":"Amazon Linux Security Advisory for kernel: ALAS-2021-1503"},{"cve":"CVE-2021-31829","qid":"352375","title":"Amazon Linux Security Advisory for kernel: ALAS2-2021-1636"},{"cve":"CVE-2021-31829","qid":"353148","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-003"},{"cve":"CVE-2021-31829","qid":"353159","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-001"},{"cve":"CVE-2021-31829","qid":"6140161","title":"AWS Bottlerocket Security Update for kernel (GHSA-9f3j-c23v-mp5f)"},{"cve":"CVE-2021-31829","qid":"670488","title":"EulerOS Security Update for kernel (EulerOS-SA-2021-2246)"},{"cve":"CVE-2021-31829","qid":"670514","title":"EulerOS Security Update for kernel (EulerOS-SA-2021-2272)"},{"cve":"CVE-2021-31829","qid":"670543","title":"EulerOS Security Update for kernel (EulerOS-SA-2021-2301)"},{"cve":"CVE-2021-31829","qid":"900096","title":"CBL-Mariner Linux Security Update for kernel 5.10.52.1"},{"cve":"CVE-2021-31829","qid":"900304","title":"CBL-Mariner Linux Security Update for kernel 5.10.57.1"},{"cve":"CVE-2021-31829","qid":"900319","title":"CBL-Mariner Linux Security Update for kernel 5.10.60.1"},{"cve":"CVE-2021-31829","qid":"901108","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6557-1)"},{"cve":"CVE-2021-31829","qid":"903649","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (4179)"},{"cve":"CVE-2021-31829","qid":"906242","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (4179-1)"},{"cve":"CVE-2021-31829","qid":"940265","title":"AlmaLinux Security Update for kernel (ALSA-2021:4356)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-31829","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MLIST","name":"[oss-security] 20210504 [CVE-2021-31829] Linux kernel protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory","url":"http://www.openwall.com/lists/oss-security/2021/05/04/4"},{"refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2021/05/04/4","url":"http://www.openwall.com/lists/oss-security/2021/05/04/4"},{"refsource":"MISC","name":"https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067f","url":"https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067f"},{"refsource":"FEDORA","name":"FEDORA-2021-9c0276e935","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4X2G5YAPYJGI3PFEZZNOTRYI33GOCCZ/"},{"refsource":"FEDORA","name":"FEDORA-2021-5ad5249c43","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWCZ6LJLENL2C3URW5ICARTACXPFCFN2/"},{"refsource":"FEDORA","name":"FEDORA-2021-7c085ca697","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI7OBCJQDNWMKLBP6MZ5NV4EUTDAMX6Q/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}]}},"nvd":{"publishedDate":"2021-05-06 16:15:00","lastModifiedDate":"2023-11-07 03:35:00","problem_types":["CWE-863"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"5.12.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"31829","Ordinal":"207124","Title":"CVE-2021-31829","CVE":"CVE-2021-31829","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"31829","Ordinal":"1","NoteData":"kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"31829","Ordinal":"2","NoteData":"2021-05-06","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"31829","Ordinal":"3","NoteData":"2021-06-22","Type":"Other","Title":"Modified"}]}}}