CVE-2021-38300
7.8 HIGHarch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF progr...
Published: 2021-09-20 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.8 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
| Vendor | Product |
|---|---|
| debian | cloud_backup, debian_linux, h300e_firmware |
| linux | cloud_backup, debian_linux, h300e_firmware |
| netapp | cloud_backup, debian_linux, h300e_firmware |
Description
arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-38300
- [Patch]http://www.openwall.com/lists/oss-security/2021/09/15/5
- [Vendor advisory]https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.10
- [Patch]https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=37cb28ec7d3a36a5bace7063a3dba633ab110f8b
- [Other]https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- [Other]https://security.netapp.com/advisory/ntap-20211008-0003/
- [Other]https://www.debian.org/security/2022/dsa-5096
- [Patch]http://www.openwall.com/lists/oss-security/2021/09/15/5
- [Vendor advisory]https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.10
- [Patch]https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=37cb28ec7d3a36a5bace7063a3dba633ab110f8b
- [Other]https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- [Other]https://security.netapp.com/advisory/ntap-20211008-0003/
- [Other]https://www.debian.org/security/2022/dsa-5096
Related CVEs
Same vendor
- CVE-2026-49975 — Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)
- CVE-2026-46273 — In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapt... (8.6 HIGH)
- CVE-2026-46272 — In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode ... (4.7 MEDIUM)
- CVE-2026-46271 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi... (7.8 HIGH)
- CVE-2026-46270 — In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() ... (8.4 HIGH)