APPLIED: [PATCH 0/2] [SRU focal/linux-oem-5.6] CVE-2021-20194

Tim Gardner tim.gardner at canonical.com
Fri Mar 19 16:42:43 UTC 2021


Applied to focal/linux-oem-5.6-next. Thanks.

-rtg

On 3/2/21 11:32 AM, Tim Gardner wrote:
> [Impact]
> There is a vulnerability in the Linux kernel versions higher than 5.2 (if the kernel
> is compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y,
> CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set, and a BPF hook to getsockopt
> is registered). As a result of BPF execution, the local user can trigger a bug in the
> __cgroup_bpf_run_filter_getsockopt() function that can lead to a heap overflow
> (because of non-hardened usercopy). The impact of the attack could be denial of service
> or possibly privilege escalation.
> 
> [Test Case]
> None
> 
> [Potential regression]
> Simple backport. Released in linux-5.4.y and linux-5.10.y.
> 

-- 
-----------
Tim Gardner
Canonical, Inc
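
The build-time preconditions listed under [Impact] can be checked against a kernel config file. The following is an added example, not part of the original message or the patch; the function names are hypothetical. It covers only the CONFIG_* conditions, not the kernel version, whether the fix is applied, or whether a getsockopt BPF hook is attached.

```shell
#!/bin/sh
# Added example: compare a kernel .config with the build-time conditions
# named in the [Impact] text for CVE-2021-20194. Function names are
# hypothetical and not taken from any Ubuntu or kernel tooling.

# Print the value of one option: "y", "m", a string, or "unset".
cfg_value() {
    # $1 = config file, $2 = option name (e.g. CONFIG_BPF)
    # The trailing "=" keeps CONFIG_BPF from matching CONFIG_BPF_SYSCALL.
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    if [ -n "$val" ]; then
        printf '%s\n' "$val"
    else
        # Covers "# CONFIG_X is not set" as well as the option being absent.
        printf 'unset\n'
    fi
}

# Return 0 when every build-time condition from the advisory holds
# (the config matches the affected profile), 1 otherwise.
# Prints one line per option so the reason is visible.
cve_2021_20194_config_exposed() {
    cfg=$1
    rc=0
    for opt in CONFIG_BPF_SYSCALL CONFIG_BPF CONFIG_CGROUPS CONFIG_CGROUP_BPF; do
        v=$(cfg_value "$cfg" "$opt")
        printf '%-28s %s\n' "$opt" "$v"
        [ "$v" = "y" ] || rc=1
    done
    v=$(cfg_value "$cfg" CONFIG_HARDENED_USERCOPY)
    printf '%-28s %s\n' CONFIG_HARDENED_USERCOPY "$v"
    # With hardened usercopy enabled, the advisory's condition is not met.
    [ "$v" = "unset" ] || rc=1
    return "$rc"
}

# Usage: sh check-config.sh "/boot/config-$(uname -r)"
if [ "$#" -ge 1 ]; then
    if cve_2021_20194_config_exposed "$1"; then
        echo "config matches the affected profile; confirm the fix is applied"
    else
        echo "at least one build-time condition is not met"
    fi
fi
```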


