List: oss-security
Subject: [oss-security] CVE-2020-8835: Linux kernel bpf incorrect verifier vulnerability
From: Steve Beattie <steve () nxnw ! org>
Date: 2020-03-30 16:36:24
Message-ID: 20200330163624.GA1550193 () nxnw ! org

[re-sending, apologies if a prior version makes it to the list.]

Manfred Paul, as part of the ZDI pwn2own competition, demonstrated
that a flaw existed in the bpf verifier for 32bit operations. This
was introduced in commit:

  581738a681b6 ("bpf: Provide better register bounds after jmp32 instructions")

The result is that register bounds were improperly calculated,
allowing out-of-bounds reads and writes to occur.

This issue affects 5.5 kernels, and was backported to 5.4-stable
as b4de258dede528f88f401259aab3147fb6da1ddf. The Linux kernel bpf
maintainers recommend reverting the patch for stable releases:

  https://lore.kernel.org/bpf/20200330160324.15259-1-daniel@iogearbox.net/T/

This bpf functionality is available to unprivileged users unless the
kernel.unprivileged_bpf_disabled sysctl is set to 1.

This issue has been identified as CVE-2020-8835 (and ZDI-CAN-10780).

  https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8835.html

--
Steve Beattie
<sbeattie@ubuntu.com>
http://NxNW.org/~steve/
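
Added example (not part of the original message, and not code from the kernel
or Ubuntu projects): a triage script that combines the two facts in the advisory,
the kernel series named and the kernel.unprivileged_bpf_disabled sysctl, into a
per-host status. The function names and status words are hypothetical, and the
advisory lists no fixed point releases, so an in-scope result means "confirm
with the vendor changelog", not "vulnerable".

```sh
#!/bin/sh
# Exposure triage for CVE-2020-8835, encoding only what the advisory states:
#   - 5.5 kernels are affected
#   - 5.4-stable received the flawed commit as a backport
#   - unprivileged users can reach bpf unless the sysctl is 1
# Vendor kernels may carry or revert the change regardless of version number.

# kernel_series RELEASE -> "MAJOR.MINOR" (empty if RELEASE does not parse)
kernel_series() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# classify_exposure RELEASE SYSCTL_VALUE -> "SCOPE ACCESS" on stdout
classify_exposure() {
    case "$(kernel_series "$1")" in
        5.5) scope=affected-series ;;     # named as affected
        5.4) scope=backport-possible ;;   # depends on the stable point release
        "")  scope=unparsed ;;
        *)   scope=not-named ;;           # not mentioned by the advisory
    esac
    case "$2" in
        0) access=unprivileged-allowed ;;
        1) access=unprivileged-disabled ;;
        *) access=unknown ;;              # sysctl missing or unexpected value
    esac
    echo "$scope $access"
}

# check_local_host: classify the machine this script runs on
check_local_host() {
    val=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null) || val=missing
    classify_exposure "$(uname -r)" "$val"
}

# Constructed sample inputs (release string, sysctl value), not real hosts.
for sample in "5.5.13 0" "5.4.0-42-generic 1" "4.19.100 missing"; do
    set -- $sample
    printf '%-18s %-8s -> %s\n' "$1" "$2" "$(classify_exposure "$1" "$2")"
done
printf '%-27s -> %s\n' "this host" "$(check_local_host)"
```

Hosts reporting "affected-series" or "backport-possible" together with
"unprivileged-allowed" are the ones to prioritise for the revert or the sysctl.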