Bug 966684 - (CVE-2016-2383) VUL-0: CVE-2016-2383: kernel: Incorrect branch fixups for eBPF allow arbitrary read
(CVE-2016-2383)
VUL-0: CVE-2016-2383: kernel: Incorrect branch fixups for eBPF allow arbitrar...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/161884/
CVSSv2:SUSE:CVE-2016-2383:3.3:(AV:L/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-15 09:48 UTC by Sebastian Krahmer
Modified: 2018-07-03 21:08 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2016-02-15 09:48:35 UTC
Via OSS-sec:

> https://git.kernel.org/linus/a1b14d27ed0965838350f1377ff97c93ee383492
>bpf: fix branch offset adjustment on backjumps after patching ctx expansion
>
>for backward jumps it fails to account the delta
>
>kernel/bpf/verifier.c
>adjust_branches
>
>-    else if (i > pos && i + insn->off + 1 < pos)
>+    else if (i > pos + delta && i + insn->off + 1 <= pos + delta)

Use CVE-2016-2383


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2383
http://seclists.org/oss-sec/2016/q1/333
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2383.html
Comment 1 Sebastian Krahmer 2016-02-15 09:57:58 UTC
Via OSS:

The issue was introduced in v4.1-rc1 with commit
https://git.kernel.org/linus/9bac3d6d548e5cc925570b263f35b70a00a00ffd
Comment 2 Swamp Workflow Management 2016-02-15 23:01:19 UTC
bugbot adjusting priority
Comment 3 Borislav Petkov 2016-02-20 10:27:47 UTC
79b9217f8567..9dff6f3e8af8  HEAD -> ... openSUSE-42.1/for-next
9b5bc469588b..34c3c2e5ca1b  HEAD -> ... SLE12-SP2/for-next

Done.
Comment 4 Swamp Workflow Management 2016-04-12 10:16:09 UTC
openSUSE-SU-2016:1008-1: An update that solves 15 vulnerabilities and has 26 fixes is now available.

Category: security (important)
Bug References: 814440,884701,949936,951440,951542,951626,951638,953527,954018,954404,954405,954876,958439,958463,958504,959709,960561,960563,960710,961263,961500,961509,962257,962866,962977,963746,963765,963767,963931,965125,966137,966179,966259,966437,966684,966693,968018,969356,969582,970845,971125
CVE References: CVE-2015-1339,CVE-2015-7799,CVE-2015-7872,CVE-2015-7884,CVE-2015-8104,CVE-2015-8709,CVE-2015-8767,CVE-2015-8785,CVE-2015-8787,CVE-2015-8812,CVE-2016-0723,CVE-2016-2069,CVE-2016-2184,CVE-2016-2383,CVE-2016-2384
Sources used:
openSUSE Leap 42.1 (src):    kernel-debug-4.1.20-11.1, kernel-default-4.1.20-11.1, kernel-docs-4.1.20-11.3, kernel-ec2-4.1.20-11.1, kernel-obs-build-4.1.20-11.2, kernel-obs-qa-4.1.20-11.1, kernel-obs-qa-xen-4.1.20-11.1, kernel-pae-4.1.20-11.1, kernel-pv-4.1.20-11.1, kernel-source-4.1.20-11.1, kernel-syms-4.1.20-11.1, kernel-vanilla-4.1.20-11.1, kernel-xen-4.1.20-11.1
Comment 5 Marcus Meissner 2016-08-01 13:22:05 UTC
released