Description:
References:
 https://lore.kernel.org/bpf/20200330160324.15259-1-daniel@iogearbox.net/T/
 https://www.openwall.com/lists/oss-security/2020/03/30/3
 https://bugzilla.redhat.com/show_bug.cgi?id=1817350
 https://www.zerodayinitiative.com/advisories/ZDI-20-350/
 https://www.thezdi.com/blog/2020/4/8/cve-2020-8835-linux-kernel-privilege-escalation-via-improper-ebpf-program-verification
Notes:
 carnil> CRD: Monday, March 30th, 16:00 UTC.
 carnil> Introduced by commit 581738a681b6 ("bpf: Provide better
 carnil> register bounds after jmp32 instructions") in 5.5-rc1 and was
 carnil> backported to 5.4.7.
 carnil> CVE as well known as ZDI-CAN-10780.
Bugs:
upstream: released (5.7-rc1) [f2d67fec0b43edce8c416101cdc52e71145b5fef]
4.19-upstream-stable: N/A "Vulnerable code introduced later"
4.9-upstream-stable: N/A "Vulnerable code introduced later"
3.16-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (5.5.13-2) [bugfix/all/bpf-Undo-incorrect-__reg_bound_offset32-handling.patch]
4.19-buster-security: N/A "Vulnerable code introduced later"
4.9-stretch-security: N/A "Vulnerable code introduced later"
3.16-jessie-security: N/A "Vulnerable code introduced later"