[SRU Groovy,Focal/linux-oem-5.6 0/1] CVE-2021-20239

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Fri Feb 19 18:29:38 UTC 2021


[Impact]
When a BPF program is attached to setsockopt, a user can break KASLR by doing
indirect pointer plays with setsockopt values.

[Test Case]
A reproducer was run and found to be fixed by applying this patch on
both 5.8 and 5.6.

[Potential regression]
The specific fix in this series would also affect programs that do not
use BPF. But any esoteric programs that give an invalid address to setsockopt
and expect only EFAULT and do not deal with EINVAL should probably feel
the pain. This has been applied to 5.4 as well, and it's upstream, so any
other users that would justify reverting could have shown up by now.

Daniel Borkmann (1):
  net, sctp, filter: remap copy_from_user failure error

 net/core/filter.c | 2 +-
 net/sctp/socket.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

-- 
2.27.0