CVE-2021-29154

7.8 HIGH

📋 TL;DR

This vulnerability in Linux kernel BPF JIT compilers allows attackers to execute arbitrary code within kernel context due to incorrect branch displacement calculations. It affects Linux systems with kernel versions through 5.11.12 that have BPF JIT enabled. Attackers can gain kernel-level privileges and potentially compromise the entire system.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Through 5.11.12
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires BPF JIT to be enabled (default on many distributions). Systems with CONFIG_BPF_JIT_ALWAYS_ON=y are vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with kernel-level code execution, allowing attackers to install persistent malware, steal sensitive data, or disrupt critical services.

🟠 Likely Case

Local privilege escalation from unprivileged user to root, enabling attackers to bypass security controls and access restricted resources.

🟢 If Mitigated

Limited impact if BPF JIT is disabled or systems are properly segmented with minimal user access.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access. Proof-of-concept code has been published in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.11.13 and later

Vendor Advisory: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049

Restart Required: Yes

Instructions:

1. Update kernel to version 5.11.13 or later.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

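Disable BPF JIT (Linux)

Disables the BPF JIT compiler to prevent exploitation. Run as root; the setting does not persist across reboots. On kernels built with CONFIG_BPF_JIT_ALWAYS_ON=y the value is fixed at 1 and this write is rejected, so the workaround is not available there.

echo 0 > /proc/sys/net/core/bpf_jit_enable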

Restrict BPF system calls (Linux)

Use seccomp or other mechanisms to restrict bpf() system calls

🧯 If You Can't Patch

  • Implement strict access controls and limit local user accounts
  • Deploy kernel security modules (SELinux/AppArmor) with strict policies

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r. If version <= 5.11.12 and BPF JIT is enabled, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is >= 5.11.13 and check /proc/sys/net/core/bpf_jit_enable returns 1 (if JIT needed).
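
The two checks above combined into one triage script. This is an added example, not code from the advisory or the kernel project; the function names and verdict strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): CVE-2021-29154 triage from the two
# checks on this page. Vendor kernels may carry a backported fix under an older
# version string, so treat "affected" as "confirm against the distro advisory".

# Print "major minor patch" for a release string such as 5.11.0-16-generic.
ver_triplet() {
    core=${1%%[!0-9.]*}        # drop "-16-generic", "+", "-arch1", ...
    old_ifs=$IFS; IFS=.
    set -- $core               # split on dots
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0}"
}

# Exit 0 when release $1 is <= 5.11.12 (last affected version per the page).
version_affected() {
    set -- $(ver_triplet "$1")
    [ "$1" -lt 5 ] && return 0
    [ "$1" -gt 5 ] && return 1
    [ "$2" -lt 11 ] && return 0
    [ "$2" -gt 11 ] && return 1
    [ "$3" -le 12 ]
}

# Classify from release string ($1) and the bpf_jit_enable value ($2).
assess() {
    if ! version_affected "$1"; then echo patched; return 0; fi
    case $2 in
        0)   echo affected-jit-off ;;      # workaround in place
        1|2) echo affected-jit-on ;;       # 2 = JIT on with debug output
        *)   echo affected-jit-unknown ;;  # sysctl missing or unreadable
    esac
}

# Live check on this host.
rel=$(uname -r)
jit=$(cat /proc/sys/net/core/bpf_jit_enable 2>/dev/null || true)
echo "kernel=$rel bpf_jit_enable=${jit:-unreadable} verdict=$(assess "$rel" "$jit")"
```

A plain string comparison of `uname -r` output would misorder releases such as 5.9 and 5.11, which is why the script compares the numeric fields one by one.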

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected BPF program loads
  • Suspicious privilege escalation attempts

Network Indicators:

  • Unusual outbound connections from kernel processes

SIEM Query:

source="kernel" AND ("BPF" OR "JIT" OR "kernel panic")
