[PATCH][X/Z/A] CVE fixes for eBPF

Seth Forshee seth.forshee at canonical.com
Thu Jan 4 14:16:59 UTC 2018


On Thu, Jan 04, 2018 at 08:01:14AM -0600, Seth Forshee wrote:
> The following patches fix problems with eBPF in xenial, zesty, and
> artful, assigned the following CVE numbers:
> 
>  CVE-2017-16995
>  CVE-2017-17862
>  CVE-2017-17863
>  CVE-2017-17864
> 
> These are taken from a larger set of vulnerabilities, several of which
> were introduced only in 4.14. Only the first two fixes are applicable to
> xenial, with some extra backporting to make the fixes compatible. The
> patches for CVE-2017-17863 and CVE-2017-17864 are based on the fixes
> from 4.9 stable and Debian respectively as the code has diverged
> significantly upstream.

Also should have mentioned, I've tested these with all proof-of-concept
exploits and also regression tested using the kernel's bpf selftests.



