path: root/retired/CVE-2021-20194
blob: d2241adec9a321f3eb77e8d5ede5b33b88f7760a
Description: heap overflow in __cgroup_bpf_run_filter_getsockopt()
References:
 https://bugzilla.redhat.com/show_bug.cgi?id=1912683
 https://patchwork.kernel.org/project/netdevbpf/patch/20210122164232.61770-1-loris.reiff@liblor.ch/#23921223
Notes:
 carnil> kernel.unprivileged_bpf_disabled = 1 can mitigate the issue.
 carnil> Prerequisites to exploit the issue seem to be a kernel compiled
 carnil> with CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y,
 carnil> CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set.
Bugs:
upstream: released (5.11-rc7) [bb8b81e396f7afbe7c50d789e2107512274d2a35, f4a2da755a7e1f5d845c52aee71336cee289935a]
5.10-upstream-stable: released (5.10.15) [ee3844e61706dc7a349b5380c1dff7b8d7153cad, 9447d0f8a621be34ba1507b15aa20057c00ae7fc]
4.19-upstream-stable: N/A "Vulnerable code not present"
4.9-upstream-stable: N/A "Vulnerable code not present"
sid: released (5.10.19-1)
4.19-buster-security: N/A "Vulnerable code not present"
4.9-stretch-security: N/A "Vulnerable code not present"
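
The notes above list a sysctl mitigation and a set of kernel config prerequisites; the script below is an added example (not part of the tracker file) that checks a host against exactly those conditions. The function names, the `--live` switch and the Debian-style `/boot/config-$(uname -r)` path are assumptions of this sketch, and it does not compare the running kernel version against the fixed releases listed above.

```shell
#!/bin/sh
# Added example: exposure check built from the tracker notes.
# $1 = kernel config file, $2 = value of kernel.unprivileged_bpf_disabled.

# Returns 0 if option $2 is set to "y" in config file $1.
config_enabled() {
    grep -q "^$2=y\$" "$1"
}

# Prints one of: mitigated, prerequisites-met, prerequisites-not-met.
cve_2021_20194_prereqs() {
    cfg=$1
    sysctl_val=$2

    # The notes name value 1 as the mitigation; value 2 on newer
    # kernels also disables unprivileged bpf().
    case "$sysctl_val" in
        1|2) echo "mitigated"; return 0 ;;
    esac

    # Every option the notes list as =y must be built in.
    for opt in CONFIG_BPF_SYSCALL CONFIG_BPF CONFIG_CGROUPS CONFIG_CGROUP_BPF; do
        if ! config_enabled "$cfg" "$opt"; then
            echo "prerequisites-not-met"
            return 0
        fi
    done

    # The notes require CONFIG_HARDENED_USERCOPY to be unset.
    if config_enabled "$cfg" CONFIG_HARDENED_USERCOPY; then
        echo "prerequisites-not-met"
        return 0
    fi

    echo "prerequisites-met"
}

# Stand-alone use on the running system: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    cve_2021_20194_prereqs "/boot/config-$(uname -r)" \
        "$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null)"
fi
```

A result of `prerequisites-met` only means the build options and sysctl match the notes; whether the kernel still carries the bug depends on the fixed versions in the status lines.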
