summaryrefslogtreecommitdiffstats
path: root/retired/CVE-2021-45402
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2022-02-11 20:49:40 +0100
committerSalvatore Bonaccorso <carnil@debian.org>2022-02-11 20:49:40 +0100
commit9cf335eee40b048fcb43bc0ab1888785aea3db97 (patch)
treee4f2422bcf78f3c7a812aebb33feefc733cf702e /retired/CVE-2021-45402
parentf5d89cd1f3949a3ac013d86bef157aa8be877e6a (diff)
Retire some CVEs
Diffstat (limited to 'retired/CVE-2021-45402')
-rw-r--r--retired/CVE-2021-4540217
1 files changed, 17 insertions, 0 deletions
diff --git a/retired/CVE-2021-45402 b/retired/CVE-2021-45402
new file mode 100644
index 00000000..2bc13bbb
--- /dev/null
+++ b/retired/CVE-2021-45402
@@ -0,0 +1,17 @@
+Description: check_alu_op() function in kernel/bpf/verifier.c does not properly update bounds while handling the mov32 instruction
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=3cf2b61eb06765e27fec6799292d9fb46d0b7e60
+ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b1a7288dedc6caf9023f2676b4f5ed34cf0d4029
+ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=e572ff80f05c33cd0cb4860f864f5c9c044280b6
+Notes:
+ carnil> Commit fixes 3f50f132d840 ("bpf: Verifier, do explicit ALU32
+ carnil> bounds tracking") in v5.7-rc1.
+Bugs:
+upstream: released (5.16-rc6) [3cf2b61eb06765e27fec6799292d9fb46d0b7e60, e572ff80f05c33cd0cb4860f864f5c9c044280b6]
+5.10-upstream-stable: released (5.10.88) [e2aad0b5f2cbf71a31d00ce7bb4dee948adff5a9, 279e0bf80d95184666c9d41361b1625c045d1dcb]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"

© 2014-2024 Faster IT GmbH | imprint | privacy policy