Bugzilla – Full Text Bug Listing

Summary: | VUL-0: CVE-2021-45940: libbpf: heap-based buffer overflow (4 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c). | | |
---|---|---|---|
Product: | [Novell Products] SUSE Security Incidents | Reporter: | Alexander Bergmann <abergmann> |
Component: | Incidents | Assignee: | Security Team bot <security-team> |
Status: | IN_PROGRESS --- | QA Contact: | Security Team bot <security-team> |
Severity: | Normal | | |
Priority: | P3 - Medium | CC: | carlos.lopez, mrostecki, pgajdos, shung-hsi.yu, smash_bz, thomas.leroy, tonyj |
Version: | unspecified | | |
Target Milestone: | --- | | |
Hardware: | Other | | |
OS: | Other | | |
URL: | https://smash.suse.de/issue/319366/ | | |
Whiteboard: | CVSSv3.1:SUSE:CVE-2021-45940:5.1:(AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) | | |
Found By: | Security Response Team | Services Priority: | |
Business Priority: | | Blocker: | --- |
Marketing QA Status: | --- | IT Deployment: | --- |
Description
Alexander Bergmann
2022-01-03 15:35:57 UTC
This is interesting:

```
libbpf[1]> grep SUSE:SLE
SUSE:SLE-15-SP3:GA libbpf
SUSE:SLE-15-SP4:GA libbpf
libbpf[1]> isc ls SUSE:SLE-15-SP3:GA/libbpf
libbpf.changes
libbpf.spec
libbpf[0]> isc ls SUSE:SLE-15-SP4:GA/libbpf
baselibs.conf
libbpf-0.5.0.tar.gz
libbpf.changes
libbpf.spec
libbpf[0]>
```

How could that happen that there is just .spec and .changes?

Removing wrong needinfo.

(In reply to Petr Gajdos from comment #1)
> This is interesting:

Not really. BuildRequires: kernel-source is the difference.

Fix is now merged upstream https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?h=for-next&id=51deedc9b8680953437dfe359e5268120de10e30, the same fix needed for bug 1194249.

This only affects Tumbleweed/Factory. I'll apply the fix there.

Fix submitted to Tumbleweed/Factory in SR#1034423.

Reassigning back to security team.