blob: b0f7717d5ac03c6b17253dec6651ac2d78de14a2 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Description: eBPF RINGBUF map oversized allocation
References:
https://www.openwall.com/lists/oss-security/2021/05/11/10
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=04ea3086c4d73da7009de1e84962a904139af219
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=98a34e93da83e50e197584c7c362668bf12c1d54
https://flatt.tech/assets/reports/210401_pwn2own/whitepaper.pdf
Notes:
carnil> Introduced in 5.8-rc1 by 457f44363a88 ("bpf: Implement BPF ring
carnil> buffer and verifier support for it").
Bugs:
upstream: released (5.13-rc4) [4b81ccebaeee885ab1aa1438133f2991e3a2b6ea]
5.10-upstream-stable: released (5.10.37) [1ca284f0867079a34f52a6f811747695828166c6]
4.19-upstream-stable: N/A "Vulnerable code introduced later"
4.9-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (5.10.38-1)
4.19-buster-security: N/A "Vulnerable code introduced later"
4.9-stretch-security: N/A "Vulnerable code introduced later"
|