author Salvatore Bonaccorso <carnil@debian.org> 2023-10-05 08:38:27 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2023-10-05 08:38:27 +0200
commit 8f6d93112dd4b2056f4ffee4a2a9989d9ca461ee
tree a4a202ed3f18ebb24c9b6175fd325ea42fd795dd /active/CVE-2023-39191
parent d147a22071b52ac2916e9e9a3faf1c9158c4f97c
Add CVE-2023-39191
Diffstat (limited to 'active/CVE-2023-39191')
-rw-r--r-- active/CVE-2023-39191 15
1 files changed, 15 insertions, 0 deletions
diff --git a/active/CVE-2023-39191 b/active/CVE-2023-39191
new file mode 100644
index 00000000..93c75ca1
--- /dev/null
+++ b/active/CVE-2023-39191
@@ -0,0 +1,15 @@
+Description: eBPF: insufficient stack type checks in dynptr
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-1489/
+ https://lore.kernel.org/all/20230121002241.2113993-1-memxor@gmail.com/
+Notes:
+ carnil> Debian sets CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
+Bugs:
+upstream: released (6.3-rc1) [d6fefa1105dacc8a742cdcf2f4bfb501c9e61349, 79168a669d8125453c8a271115f1ffd4294e61f6, ef8fc7a07c0e161841779d6fe3f6acd5a05c547c, f8064ab90d6644bc8338d2d7ff6a0d6e7a1b2ef3, 379d4ba831cfa895d0cc61d88cd0e1402f35818c, f5b625e5f8bbc6be8bb568a64d7906b091bc7cb0, 1ee72bcbe48de6dcfa44d6eba0aec6e42d04cd4d, 91b875a5e43b3a8dec4fbdca067c8860004b5f0e, f4d24edf1b9249e43282ac2572d43d9ad10faf43, ef4810135396735c1a6b1c343c3cc4fe4be96a43, 011edc8e49b8551dfb6cfcc8601d05e029cf5994, ae8e354c497af625eaecd3d86e04f9087762d42b]
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
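Review bot: the Notes entry records only that Debian sets CONFIG_BPF_UNPRIV_DEFAULT_OFF=y and leaves the conclusion unstated. Add a line saying what that default means for this issue on Debian kernels (unprivileged BPF is disabled by default, so the dynptr verifier path is reachable only by users already permitted to load BPF programs), so that the "needed" status on 6.1-upstream-stable and 6.1-bookworm-security can be prioritised from this file alone. The upstream: line also lists twelve commits without marking which ones carry the stack type check fix and which are prerequisites; a short note on that would help whoever prepares the 6.1 backport.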
