Add CVE-2021-3600

author: Salvatore Bonaccorso <carnil@debian.org> 2021-06-23 19:18:35 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-06-23 19:18:35 +0200
commit: 35409d397c78008e13d7b365d1b2fd87f5663428 (patch)
tree: 11b34db0e8c1758a501ab6b6c25198005c60aee0 /active/CVE-2021-3600
parent: f6fe0efe042b226d292aa8f3a70831c1131b0304 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/active/CVE-2021-3600 b/active/CVE-2021-3600
new file mode 100644
index 00000000..06dd39a1
--- /dev/null
+++ b/active/CVE-2021-3600
@@ -0,0 +1,16 @@
+Description: eBPF 32-bit source register truncation on div/mod
+References:
+ https://www.openwall.com/lists/oss-security/2021/06/23/1
+Notes:
+ carnil> Introduced by 68fda450a7df ("bpf: fix 32-bit divide by zero")
+ carnil> in 4.15-rc9 (and was backported to 4.9.79). Though the specifc
+ carnil> attach will not work on v4.9.y as pointer arithmetic is
+ carnil> prohibited on those kernels.
+Bugs:
+upstream: (5.11) [e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90]
+5.10-upstream-stable: released (5.10.16) [1d16cc210fabd0a7ebf52d3025f81c2bde054a90]
+4.19-upstream-stable: needed
+4.9-upstream-stable: needed
+sid: released (5.10.19-1)
+4.19-buster-security: needed
+4.9-stretch-security: needed
author	Salvatore Bonaccorso <carnil@debian.org>	2021-06-23 19:18:35 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-06-23 19:18:35 +0200
commit	35409d397c78008e13d7b365d1b2fd87f5663428 (patch)
tree	11b34db0e8c1758a501ab6b6c25198005c60aee0 /active/CVE-2021-3600
parent	f6fe0efe042b226d292aa8f3a70831c1131b0304 (diff)