blob: 3e4a2b1f2163a89acc02c7ac61e834a88ae060c8 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
|
Description: UAF via double-fdput() in bpf(BPF_PROG_LOAD) error path
References:
https://bugs.chromium.org/p/project-zero/issues/detail?id=808
Notes:
Introduced by: https://git.kernel.org/linus/0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (v3.18-rc1)
Exploitable since: https://git.kernel.org/linus/1be7f75d1668d6296b80bf35dcf6762393530afc (v4.4-rc1)
Bugs:
upstream: released (4.6-rc6) [8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7]
3.16-upstream-stable: N/A "Vulnerable code introduced in 0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (3.18-rc1)"
3.2-upstream-stable: N/A "Vulnerable code introduced in 0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (3.18-rc1)"
sid: released (4.5.3-1) [bugfix/all/bpf-fix-double-fdput-in-replace_map_fd_with_map_ptr.patch]
3.16-jessie-security: N/A "Vulnerable code not present"
3.2-wheezy-security: N/A "Vulnerable code not present"
|
