Commits to address this are upstream in Linus' tree; they are:
1511df6f5e9e ("s390/bpf: Fix branch shortening during codegen pass")
6e61dc9da0b7 ("s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant")
db7bee653859 ("s390/bpf: Fix optimizing out zero-extensions")
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1943960
Title:
s390x BPF JIT vulnerabilities
Status in Ubuntu on IBM z Systems:
Fix Released
Status in linux package in Ubuntu:
Fix Released
Bug description:
[Impact]
s390 BPF JIT vulnerabilities allow the eBPF verifier to be bypassed, leading
to possible local privilege escalation.
[Mitigation]
Disable unprivileged eBPF.
sysctl -w kernel.unprivileged_bpf_disabled=1
[Potential regression]
BPF programs might execute incorrectly, affecting seccomp, socket filters,
tracing and other BPF users.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1943960/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
