
List:       oss-security
Subject:    [oss-security] Linux kernel: BPF spectre v1 mitigation bypass (CVE-2019-7308, fixed in 4.19.19 and 4
From:       Jann Horn <jannhorn () googlemail ! com>
Date:       2019-02-01 22:20:26
Message-ID: CAG48ez1N30mTGj575XvEHQqrhOT+gF1yEEGpKAqw2dBMHwMxTA () mail ! gmail ! com

I discovered a bypass for the spectre v1 hardening in the eBPF engine
of the Linux kernel (which is exposed to unprivileged userspace since
kernel 4.4).

This is CVE-2019-7308. The issue has been fixed in 4.19.19 and 4.20.6
stable so far.

The main fix is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38
 , but it depends both on its parent commits and one ancestor that
fixes a new issue introduced by it.

Full bug report is at
<https://bugs.chromium.org/p/project-zero/issues/detail?id=1711>.

