From 202b682356c292929e6978ef18d5b0d9cb6dbb40 Mon Sep 17 00:00:00 2001 From: Ethan <1228921572@qq.com> Date: Fri, 10 Mar 2023 09:45:43 +0000 Subject: [PATCH] add cve/linux-kernel/2021/yaml/CVE-2021-29155.yaml. Signed-off-by: Ethan <1228921572@qq.com> --- .../2021/yaml/CVE-2021-29155.yaml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 cve/linux-kernel/2021/yaml/CVE-2021-29155.yaml diff --git a/cve/linux-kernel/2021/yaml/CVE-2021-29155.yaml b/cve/linux-kernel/2021/yaml/CVE-2021-29155.yaml new file mode 100644 index 00000000..e3a60d96 --- /dev/null +++ b/cve/linux-kernel/2021/yaml/CVE-2021-29155.yaml @@ -0,0 +1,20 @@ +id: CVE-2021-29155 +source: https://github.com/benschlueter/CVE-2021-29155 +info: + name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 + Linux kernel存在缓冲区错误漏洞,攻击者可利用该漏洞可以通过猜测的Linux内核的越界负载绕过对数据的访问限制 + severity: 中 + description: | + An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. + scope-of-influence: + Linux-kernel ≤ 5.12 + reference: + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/ + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/ + classification: + cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 漏洞评分 + cve-id: CVE-2021-29155 + cwe-id: CWE-125 + cnvd-id: CNNVD-202104-1355 + tags: 缓冲区错误 \ No newline at end of file -- Gitee
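Review bot: under classification, "cvss-score: 漏洞评分" is still the template placeholder text ("vulnerability score") rather than a number. The vector on the line above it (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) works out to 5.5, so the field should carry that value. Other points in the same file: "scope-of-influence: Linux-kernel ≤ 5.12" does not match the description, which says "through 5.11.x". Please pick one bound and state it the same way in both places. The key "cnvd-id" holds a CNNVD identifier (CNNVD-202104-1355), so either rename the key or supply the CNVD number. The "name" field is a two-line general description of the Linux kernel plus a vulnerability sentence, where a short title naming the BPF verifier speculation issue would be easier to index, with the longer text moved into "description". The file also ends without a trailing newline.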