{"id":"CVE-2021-34556","details":"In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.","aliases":["A-196011539","PUB-A-196011539"],"modified":"2026-04-16T04:31:13.592458577Z","published":"2021-08-02T05:15:07.663Z","related":["SUSE-SU-2021:3177-1","SUSE-SU-2021:3178-1","SUSE-SU-2021:3179-1","SUSE-SU-2021:3205-1","SUSE-SU-2021:3205-2","SUSE-SU-2021:3206-1","SUSE-SU-2021:3207-1","SUSE-SU-2021:3217-1","SUSE-SU-2021:3415-1","SUSE-SU-2021:3723-1","SUSE-SU-2021:3748-1","SUSE-SU-2021:3876-1","SUSE-SU-2021:3929-1","SUSE-SU-2021:3935-1","SUSE-SU-2021:3969-1","SUSE-SU-2021:3972-1","SUSE-SU-2025:0229-1","openSUSE-SU-2021:1271-1","openSUSE-SU-2021:1477-1","openSUSE-SU-2021:3179-1","openSUSE-SU-2021:3205-1","openSUSE-SU-2021:3876-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JKK6XNRZX5BT5QVYOKGVJ2BHFZAP5EX/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/565ZS55ZFEN62WVRRORT7R63RXW5F4T4/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2021/08/01/3"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-34556.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"5.13.7"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}