{"id":"CVE-2021-33624","details":"In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.","aliases":["A-192972537","PUB-A-192972537"],"modified":"2026-04-16T04:37:55.032154065Z","published":"2021-06-23T16:15:07.957Z","related":["SUSE-SU-2021:2303-1","SUSE-SU-2021:2305-1","SUSE-SU-2021:2321-1","SUSE-SU-2021:2324-1","SUSE-SU-2021:2325-1","SUSE-SU-2021:2349-1","SUSE-SU-2021:2352-1","SUSE-SU-2021:2421-1","SUSE-SU-2021:2422-1","SUSE-SU-2021:2426-1","SUSE-SU-2021:2427-1","openSUSE-SU-2021:2305-1","openSUSE-SU-2021:2352-1","openSUSE-SU-2021:2427-1"],"references":[{"type":"ADVISORY","url":"https://www.usenix.org/conference/usenixsecurity21/presentation/kirzner"},{"type":"REPORT","url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/9183671af6dbf60a1219371d4ed73e23f43b49db"},{"type":"PACKAGE","url":"https://github.com/benschlueter/CVE-2021-33624"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2021/06/21/1"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5.12.13"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33624.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}