path: root/retired/CVE-2016-4794
Description: Use-after-free in pcpu_extend_area_map, triggered by bpf()
References:
 Reproducer: http://www.openwall.com/lists/oss-security/2016/05/12/6
 http://thread.gmane.org/gmane.linux.network/408459/
 http://article.gmane.org/gmane.linux.kernel/2227891
 http://article.gmane.org/gmane.linux.kernel/2227892
Notes:
 bwh> It's not clear whether this is specific to bpf() or an existing bug
 bwh> that's now easier to hit (and exploit).
Bugs:
upstream: released (4.7-rc4) [4f996e234dad488e5d9ba0858bc1bae12eff82c3, 6710e594f71ccaad8101bc64321152af7cd9ea28]
3.16-upstream-stable: N/A "Introduced with 1a4d76076cda and 9c824b6a172c in 3.18-rc1"
3.2-upstream-stable: N/A "Introduced with 1a4d76076cda and 9c824b6a172c in 3.18-rc1"
sid: released (4.6.2-2) [bugfix/all/percpu-fix-synchronization-between-chunk-map_extend_.patch, bugfix/all/percpu-fix-synchronization-between-synchronous-map-e.patch]
3.16-jessie-security: N/A "Vulnerable code not present"
3.2-wheezy-security: N/A "Vulnerable code not present"
