ACK: [SRU Focal,Groovy,Hirsute,Focal/linux-oem-5.10 0/3] CVE-2021-33200

Ian May ian.may at canonical.com
Thu May 27 22:31:02 UTC 2021


On 2021-05-27 18:36:42 , Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> The vulnerability allows OOB reads and writes. Code execution cannot be ruled out.
> 
> [Potential regression]
> Some BPF code may be denied to load.
> 
> [Test]
> I tested a reproducer that may cause a kaslr leak, and it was stopped
> after the fixes were applied.
> 

LGTM

Acked-by: Ian May <ian.may at canonical.com>

> Daniel Borkmann (3):
>   bpf: Wrap aux data inside bpf_sanitize_info container
>   bpf: Fix mask direction swap upon off reg sign change
>   bpf: No need to simulate speculative domain for immediates
> 
>  kernel/bpf/verifier.c | 46 ++++++++++++++++++++++++++-----------------
>  1 file changed, 28 insertions(+), 18 deletions(-)
> 
> -- 
> 2.30.2
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team



More information about the kernel-team mailing list