blob: 93c75ca1b684ad82e71066953d6c6c42415ecb48 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
Description: eBPF: insufficient stack type checks in dynptr
References:
https://www.zerodayinitiative.com/advisories/ZDI-23-1489/
https://lore.kernel.org/all/20230121002241.2113993-1-memxor@gmail.com/
Notes:
carnil> Debian sets CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
Bugs:
upstream: released (6.3-rc1) [d6fefa1105dacc8a742cdcf2f4bfb501c9e61349, 79168a669d8125453c8a271115f1ffd4294e61f6, ef8fc7a07c0e161841779d6fe3f6acd5a05c547c, f8064ab90d6644bc8338d2d7ff6a0d6e7a1b2ef3, 379d4ba831cfa895d0cc61d88cd0e1402f35818c, f5b625e5f8bbc6be8bb568a64d7906b091bc7cb0, 1ee72bcbe48de6dcfa44d6eba0aec6e42d04cd4d, 91b875a5e43b3a8dec4fbdca067c8860004b5f0e, f4d24edf1b9249e43282ac2572d43d9ad10faf43, ef4810135396735c1a6b1c343c3cc4fe4be96a43, 011edc8e49b8551dfb6cfcc8601d05e029cf5994, ae8e354c497af625eaecd3d86e04f9087762d42b]
6.1-upstream-stable: needed
5.10-upstream-stable: N/A "Vulnerable code not present"
4.19-upstream-stable: N/A "Vulnerable code not present"
sid: released (6.3.7-1)
6.1-bookworm-security: needed
5.10-bullseye-security: N/A "Vulnerable code not present"
4.19-buster-security: N/A "Vulnerable code not present"
|
