Bugzilla – Bug 1190126
VUL-0: CVE-2021-31440: kernel-source-azure,kernel-source-rt,kernel-source: local escalation of privileges in handling of eBPF programs
Last modified: 2021-12-07 12:56:50 UTC
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.

External Reference: https://www.zerodayinitiative.com/advisories/ZDI-21-503/

Upstream Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=10bf4e83167cc68595b85fd73bb91e8f2c086e36
upstream affected: 5.7 and later (fixes: 3f50f132d840)
fixed upstream: 5.13 and later

patches.suse/bpf-Fix-propagation-of-32-bit-unsigned-bounds-from-6.patch is in 15-sp3 branch, but not in 15-sp2 (not sure if 15-sp2 has the problem).
(In reply to Marcus Meissner from comment #1)
> is in 15-sp3 branch, but not in 15-sp2 (not sure if 15-sp2 has the problem).

Correct because we did not take 3f50f132d840 into SP2. We have a related fix in SP2 from ee114dd64c and that seems correct.
Stable is at 5.14, so not needed there either. So I believe we're good here. Reassigning back to default.
done