** Description changed:
[Impact]
s390 BPF JIT vulnerabilities allow the eBPF verifier to be bypassed, leading
to possible local privilege escalation.
[Mitigation]
Disable unprivileged eBPF.
sysctl -w kernel.unprivileged_bpf_disabled=1
[Potential regression]
BPF programs might execute incorrectly, affecting seccomp, socket filters,
tracing and other BPF users.
+
+ Commits to address this are upstream in Linus' tree; they are:
+
+ 1511df6f5e9e ("s390/bpf: Fix branch shortening during codegen pass")
+ 6e61dc9da0b7 ("s390/bpf: Fix 64-bit subtraction of the -0x80000000
constant")
+ db7bee653859 ("s390/bpf: Fix optimizing out zero-extensions")
+
+ and have been applied to the 5.14, 5.4 , 4.19, and 4.4 stable branches.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1943960
Title:
s390x BPF JIT vulnerabilities
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1943960/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
