
List:       oss-security
Subject:    [oss-security] CVE-2021-3490 - Linux kernel eBPF bitwise ops ALU32 bounds tracking
From:       Thadeu Lima de Souza Cascardo <cascardo () canonical ! com>
Date:       2021-05-11 17:56:47
Message-ID: 20210511175647.GL12149 () mussarela

It was discovered that eBPF ALU32 bounds tracking for bitwise ops (AND, OR and
XOR) did not update the 32-bit bounds.

Manfred Paul (@_manfp) of the RedRocket CTF team (@redrocket_ctf) working with
Trend Micro's Zero Day Initiative discovered that this vulnerability could be
turned into out-of-bounds reads and writes in the kernel. This has been
reported as ZDI-CAN-13590, and assigned CVE-2021-3490.

It was introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32
bounds tracking"). The XOR version was introduced by commit 2921c90d4718 ("bpf:
Fix a verifier failure with xor"). The first one was introduced in 5.7-rc1,
while the latter was introduced in 5.10-rc1. There has been no backport to any
upstream LTS kernel.

This was fixed by commit:
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e

Cascardo.
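As an added illustration (not part of the original post and not the kernel's own code), a simplified Python model of the verifier's per-register scalar state: a tnum (known-ones value plus unknown-bits mask) together with unsigned 32-bit bounds. `alu32_and` mirrors the bug class described above for the case where both 32-bit operands are constants (an assumption of this example, not stated in the post): the tnum is refined correctly, but on the unfixed path the 32-bit bounds are carried over stale, so the abstract state disagrees with itself; the `fixed=True` path marks the subregister as the constant it has become. `bounds_consistent` is the kind of self-check a defender would want between the two views.

```python
from dataclasses import dataclass

U32 = 0xFFFFFFFF


@dataclass
class Reg:
    """Simplified verifier scalar state: a tnum plus unsigned 32-bit bounds."""
    value: int    # tnum: bits known to be 1
    mask: int     # tnum: bits whose value is unknown
    u32_min: int  # lower bound on the low 32 bits
    u32_max: int  # upper bound on the low 32 bits

    def subreg_known(self) -> bool:
        return (self.mask & U32) == 0


def tnum_and(a: Reg, b: Reg) -> tuple:
    """Tristate AND: known 1 only where both are known 1; unknown where both may be 1."""
    alpha, beta = a.value | a.mask, b.value | b.mask
    v = a.value & b.value
    return v, alpha & beta & ~v


def alu32_and(dst: Reg, src: Reg, fixed: bool) -> Reg:
    """32-bit AND: tnum always refined; 32-bit bounds only pinned on the fixed path."""
    src_known, dst_known = src.subreg_known(), dst.subreg_known()
    v, m = tnum_and(dst, src)
    out = Reg(v, m, dst.u32_min, dst.u32_max)
    if src_known and dst_known:
        if fixed:  # the low 32 bits are now a constant: say so in the bounds too
            out.u32_min = out.u32_max = v & U32
        return out  # unfixed: the old bounds survive and no longer match the tnum
    out.u32_min = v & U32                        # known-one bits give a floor
    out.u32_max = min(dst.u32_max, src.u32_max)  # AND cannot exceed either operand
    return out


def bounds_consistent(r: Reg) -> bool:
    """Self-check: a known 32-bit constant must be pinned exactly by its bounds."""
    if r.subreg_known():
        return r.u32_min == r.u32_max == (r.value & U32)
    return r.u32_min <= r.u32_max


def demo(fixed: bool) -> Reg:
    # Constructed states: both registers have known low halves (0xff and 0x0f)
    # under unknown high halves, so the 64-bit result is not a known constant.
    dst = Reg(value=0xFF, mask=U32 << 32, u32_min=0xFF, u32_max=0xFF)
    src = Reg(value=0x0F, mask=U32 << 32, u32_min=0x0F, u32_max=0x0F)
    return alu32_and(dst, src, fixed)
```

Running `demo(False)` yields a tnum whose low half is 0x0f while the bounds still claim 0xff; `demo(True)` yields bounds of exactly 0x0f.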