*** This bug is a security vulnerability ***
Public security bug reported:
[Impact]
Per Jann Horn, "Upstream commit dd066823db2ac4e22f721ec85190817b58059a54
("bpf/verifier: disallow pointer subtraction") fixes a security bug
(kernel pointer leak to unprivileged userspace)."
https://lore.kernel.org/netdev/CAG48ez1=zogmdsue38hkg73ea4en+5qotltmzme+pgcthhw...@mail.gmail.com/
[Test Case]
Run the "check subtraction on pointers for unpriv" test from
tools/testing/selftests/bpf/test_verifier.c. The test should pass if the
bug is fixed, fail otherwise.
[Regression Potential]
The change could cause a regression in an unprivileged process that is
using eBPF. I suspect that this is unlikely. The alternative is to leave
a potential security hole open.
** Affects: linux (Ubuntu)
Importance: Medium
Assignee: Tyler Hicks (tyhicks)
Status: Fix Released
** Affects: linux (Ubuntu Bionic)
Importance: Medium
Assignee: Tyler Hicks (tyhicks)
Status: In Progress
** Also affects: linux (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu)
Status: In Progress => Fix Released
** Changed in: linux (Ubuntu Bionic)
Status: New => In Progress
** Changed in: linux (Ubuntu Bionic)
Assignee: (unassigned) => Tyler Hicks (tyhicks)
** Changed in: linux (Ubuntu Bionic)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815259
Title:
BPF: kernel pointer leak to unprivileged userspace
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1815259/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
