ACK: [PATCH 0/2] [SRU focal/linux-oem-5.6] CVE-2021-20194

Stefan Bader stefan.bader at canonical.com
Wed Mar 3 08:08:59 UTC 2021


On 02.03.21 19:32, Tim Gardner wrote:
> [Impact]
> There is a vulnerability in Linux kernel versions higher than 5.2 (if the kernel
> is compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y,
> CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set, and a BPF hook to getsockopt
> is registered). As a result of BPF execution, a local user can trigger a bug in the
> __cgroup_bpf_run_filter_getsockopt() function that can lead to a heap overflow
> (because of non-hardened usercopy). The impact of an attack could be denial of service
> or possibly privilege escalation.
> 
> [Test Case]
> None
> 
> [Potential regression]
> Simple backport. Released in linux-5.4.y and linux-5.10.y.
> 
> 
Acked-by: Stefan Bader <stefan.bader at canonical.com>
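
The build-time conditions listed under [Impact] can be checked against a kernel config file. The script below is an added example, not part of the original message or of the patch series; the function names and output wording are assumptions of this example, and the runtime condition (a BPF hook registered on getsockopt) is not visible in the config and is not checked.

```shell
#!/bin/sh
# Added example: test a kernel config file for the build-time
# preconditions named in the [Impact] text for CVE-2021-20194.
# Function names and messages are hypothetical, chosen for this example.

# Return 0 if option $2 is set to "y" in config file $1.
# -x matches the whole line, so CONFIG_BPF does not match CONFIG_BPF_SYSCALL.
config_is_y() {
    grep -qx "$2=y" "$1"
}

# Return 0 when every listed precondition holds, 1 when at least one
# does not, 2 when the config file cannot be read.
check_getsockopt_bpf_preconditions() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }

    # All four options must be built in for the affected code path to exist.
    for opt in CONFIG_BPF_SYSCALL CONFIG_BPF CONFIG_CGROUPS CONFIG_CGROUP_BPF; do
        if ! config_is_y "$cfg" "$opt"; then
            echo "preconditions not met: $opt is not =y"
            return 1
        fi
    done

    # "# CONFIG_HARDENED_USERCOPY is not set" and an absent line both
    # count as "not set"; only an explicit =y rules the condition out.
    if config_is_y "$cfg" CONFIG_HARDENED_USERCOPY; then
        echo "preconditions not met: CONFIG_HARDENED_USERCOPY=y"
        return 1
    fi

    echo "build-time preconditions met; confirm the kernel carries the fix"
    return 0
}

# When run with a path argument, check that file.
if [ "$#" -gt 0 ]; then
    check_getsockopt_bpf_preconditions "$1"
fi
```

On Ubuntu the running kernel's config is normally at `/boot/config-$(uname -r)`, which can be passed as the argument.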
