[PATCH 0/2] [SRU focal/linux-oem-5.6] CVE-2021-20194
Tim Gardner
tim.gardner at canonical.com
Tue Mar 2 18:32:06 UTC 2021
[Impact]
There is a vulnerability in Linux kernel versions higher than 5.2 (if the kernel is
compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y,
CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set, and a BPF hook to getsockopt
is registered). As a result of BPF execution, a local user can trigger a bug in the
__cgroup_bpf_run_filter_getsockopt() function that can lead to a heap overflow
(because of non-hardened usercopy). The impact of the attack could be denial of service
or possibly privilege escalation.
[Test Case]
None
[Potential regression]
Simple backport. Released in linux-5.4.y and linux-5.10.y.
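
An added example, not part of the original message or of the kernel patch: a shell check of a kernel config file against the build-time preconditions listed under [Impact]. The function names and the sample configs are constructed for illustration; the check does not tell whether the fix is applied or whether a getsockopt BPF hook is registered.

```shell
#!/bin/sh
# Added example: test a kernel config for the build-time preconditions
# named in the [Impact] text of CVE-2021-20194.

# opt_enabled CONFIG_NAME FILE -> status 0 if the file has "CONFIG_NAME=y"
opt_enabled() {
    grep -q "^$1=y\$" "$2"
}

# config_exposed FILE -> status 0 if every listed precondition holds
config_exposed() {
    cfg=$1
    for opt in CONFIG_BPF_SYSCALL CONFIG_BPF CONFIG_CGROUPS CONFIG_CGROUP_BPF; do
        opt_enabled "$opt" "$cfg" || { echo "not met: $opt=y"; return 1; }
    done
    # The advisory lists CONFIG_HARDENED_USERCOPY *not set* as a precondition,
    # so "=y" here means this build does not match.
    if opt_enabled CONFIG_HARDENED_USERCOPY "$cfg"; then
        echo "not met: CONFIG_HARDENED_USERCOPY is set"
        return 1
    fi
    echo "all config preconditions met"
    return 0
}

# Constructed sample configs (not taken from any real kernel build).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/exposed.config" <<'EOF'
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_CGROUPS=y
CONFIG_CGROUP_BPF=y
# CONFIG_HARDENED_USERCOPY is not set
EOF
cat > "$SAMPLE_DIR/hardened.config" <<'EOF'
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_CGROUPS=y
CONFIG_CGROUP_BPF=y
CONFIG_HARDENED_USERCOPY=y
EOF

config_exposed "$SAMPLE_DIR/exposed.config"
config_exposed "$SAMPLE_DIR/hardened.config" || true
```

On an Ubuntu system the running kernel's config is normally at /boot/config-$(uname -r), which can be passed to config_exposed in place of the sample files.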