Bug 1184200 - (CVE-2021-29648) VUL-0: CVE-2021-29648: kernel-source-rt,kernel-source-azure,kernel-source: BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized
Status: RESOLVED WORKSFORME
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/280756/
Reported: 2021-03-31 07:53 UTC by Robert Frohl
Modified: 2021-03-31 10:07 UTC (History)

Found By: Security Response Team
Description Robert Frohl 2021-03-31 07:53:42 UTC
CVE-2021-29648

An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem
does not properly consider that resolved_ids and resolved_sizes are
intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can
cause a system crash upon an unexpected access attempt (in map_create in
kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka
CID-350a5c4dd245.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29648
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=350a5c4dd2452ea999cc5e1d4a8dbf12de2f97ef
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
Comment 1 Robert Frohl 2021-03-31 07:58:41 UTC
350a5c4dd245:
> Fixes: 5329722057d4 ("bpf: Assign ID to vmlinux BTF and return extra info for BTF in GET_OBJ_INFO")

Affects v5.11 and on. Could not find a backport. Therefore tracking all SUSE kernels as not affected.
Comment 2 Takashi Iwai 2021-03-31 08:42:29 UTC
Yes, looks so.  And, the stable branch already got the fix via 5.11.11 stable tree.

Reassigned back to security team.
Comment 3 Robert Frohl 2021-03-31 10:07:58 UTC
done