APPLIED: [SRU Groovy 0/2] CVE-2021-20194
William Breathitt Gray
william.gray at canonical.com
Fri Feb 19 07:29:33 UTC 2021
On Thu, Feb 18, 2021 at 04:39:35PM -0300, Thadeu Lima de Souza Cascardo wrote:
> Note:
> Not sending for Focal as this is queued on stable-next [1] tree.
>
> [1] git://kernel.ubuntu.com/ubuntu-stable/ubuntu-stable-focal.git
>
> [Impact]
> If there is a BPF attached to getsockopt, user can trigger a crash like:
> [ 261.273921] WARNING: CPU: 0 PID: 753 at include/linux/thread_info.h:150 __cgroup_bpf_run_filter_getsockopt+0x2b0/0x2d0
>
> [Test case]
> Running reproducer causes the crash without the fixes.
>
> [Potential regression]
> Programs could misbehave when trying to use getsockopt under a cgroup
> with a getsockopt BPF attached. Network failures for programs under
> containers or systemd are possible regressions.
>
> Loris Reiff (2):
> bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
> bpf, cgroup: Fix problematic bounds check
>
> kernel/bpf/cgroup.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> --
> 2.27.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Applied to groovy:linux/master-next.
William Breathitt Gray
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20210219/c872daf8/attachment.sig>
More information about the kernel-team
mailing list