APPLIED[G]: [SRU Groovy,Focal/linux-oem-5.6 0/1] CVE-2021-20239
Stefan Bader
stefan.bader at canonical.com
Wed Feb 24 10:28:59 UTC 2021
On 19.02.21 19:29, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> When a BPF is attached to setsockopt, a user can break KASLR by doing
> indirect pointer plays with setsockopt values.
>
> [Test Case]
> A reproducer was run and found to be fixed by applying this patch on
> both 5.8 and 5.6.
>
> [Potential regression]
> The specific fix for these series would also affect programs that do not
> use BPF. But any esoteric programs that give an invalid address to setsockopt
> and expect only EFAULT and do not deal with EINVAL should probably feel
> the pain. This has been applied to 5.4 as well, and it's upstream, so any
> other users that would justify reverting could have shown up by now.
>
> Daniel Borkmann (1):
> net, sctp, filter: remap copy_from_user failure error
>
> net/core/filter.c | 2 +-
> net/sctp/socket.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
Applied to groovy:linux/master-next. Thanks.
-Stefan