Bugzilla – Bug 1167722
VUL-0: CVE-2020-8835: kernel-source: out-of-bounds write in the bpf verifier for 32bit operations
Last modified: 2022-07-21 18:29:23 UTC
This is the submission, I believe:
(In reply to Michal Kubeček from comment #8)
> This is the submission, I believe:
Thanks for pointing out the submission. Will backport the patches.
From: Steve Beattie <email@example.com>
Subject: [oss-security] CVE-2020-8835: Linux kernel bpf incorrect verifier vulnerability
Manfred Paul, as part of the ZDI pwn2own competition, demonstrated
that a flaw existed in the bpf verifier for 32bit operations. This
was introduced in commit:
581738a681b6 ("bpf: Provide better register bounds after jmp32 instructions")
The result is that register bounds were improperly calculated,
allowing out-of-bounds reads and writes to occur.
This issue affects 5.5 kernels, and was backported to 5.4-stable
as b4de258dede528f88f401259aab3147fb6da1ddf. The Linux kernel bpf
maintainers recommend reverting the patch for stable releases:
This bpf functionality is available to unprivileged users unless the
kernel.unprivileged_bpf_disabled sysctl is set to 1.
This issue has been identified as CVE-2020-8835 (and ZDI-CAN-10780).
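The mail above names `kernel.unprivileged_bpf_disabled` as the setting that closes off unprivileged access. The shell script below is an added example, not part of the bug report or the oss-security mail. It checks the runtime value and whether a value is also persisted in sysctl configuration. The function names, the file order (last assignment wins in the order given) and the handling of value 2 (disabled but resettable, on newer kernels) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit kernel.unprivileged_bpf_disabled (function names are hypothetical).

# Map a runtime sysctl value to an exposure state.
classify_bpf_sysctl() {
    case "$1" in
        0) echo "exposed" ;;              # unprivileged bpf() is allowed
        1) echo "disabled-locked" ;;      # disabled; cannot be cleared until reboot
        2) echo "disabled-resettable" ;;  # newer kernels: disabled, root may reset to 0
        *) echo "unknown" ;;              # unreadable or unexpected value
    esac
}

# Print the last value assigned to the key in the given config files.
# Assumption: files are passed in the order they are applied (last one wins).
persisted_bpf_value() {
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; echo; fi
    done | awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            sub(/^-/, "", key)                      # "-key" means ignore errors
            gsub("/", ".", key)                     # kernel/foo is the same as kernel.foo
            if (key == "kernel.unprivileged_bpf_disabled") last = val
        }
        END { if (last != "") print last }'
}

# $1 = runtime value ("" if unreadable); remaining args = sysctl config files.
bpf_report() {
    runtime=$1; shift
    state=$(classify_bpf_sysctl "$runtime")
    persisted=$(persisted_bpf_value "$@")
    case "$state:$persisted" in
        exposed:*)      echo "FAIL runtime=0: unprivileged bpf() is allowed" ;;
        disabled*:[12]) echo "OK runtime=$runtime persisted=$persisted" ;;
        disabled*:*)    echo "WARN runtime=$runtime persisted=${persisted:-unset}: may not survive a reboot" ;;
        *)              echo "UNKNOWN: sysctl not readable on this system" ;;
    esac
}

# Live check against the running system.
bpf_report "$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null)" \
    /etc/sysctl.d/*.conf /etc/sysctl.conf
```

The sysctl only removes unprivileged access to bpf(); it does not replace the kernel fix discussed in this bug.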
was fixed before 15-SP2 GA