[SRU][Focal][PATCH 0/1] CVE-2021-4001
Jacob Martin
jacob.martin at canonical.com
Mon Aug 7 13:21:22 UTC 2023
[Impact]
It was discovered that the eBPF implementation in the Linux kernel
contained a race condition around read-only maps. A privileged attacker
could use this to modify read-only maps.
[Backport]
Memory mapping and batch support for BPF maps are not present in
focal:linux, so changes to missing functions were omitted, and writecnt
was added to struct bpf_map.
[Test]
Compile and boot tested. Verified that the previously working race using
userfaultfd was no longer achievable with the patch applied.
[Potential Regression]
This change affects the kernel's BPF subsystem.
Daniel Borkmann (1):
bpf: Fix toctou on read-only map's constant scalar tracking
include/linux/bpf.h | 2 ++
kernel/bpf/syscall.c | 25 +++++++++++++++++++++++++
kernel/bpf/verifier.c | 18 +++++++++++++++++-
3 files changed, 44 insertions(+), 1 deletion(-)
--
2.34.1
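To make the race in the [Impact] and [Backport] sections concrete, the following is an added, user-space model of the writecnt mechanism; it is not the kernel code, not part of Jacob Martin's submission and not the upstream patch. Names such as `bpf_map_model`, `update_begin`, `map_freeze_old/new` and `map_is_rdonly_old/new` are assumed for illustration and only mirror the roles described in the cover letter: a writer that has already passed the frozen check stalls (the real PoC stalls on userfaultfd), another task freezes the map, the verifier folds the map's value into a constant, and the stalled writer then completes. Without a writer count the verifier is fooled; with it, freeze returns -EBUSY while a writer is in flight and the verifier refuses to treat the map as read-only.

```c
/* Added illustration: user-space model of the writecnt check, not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BPF_F_RDONLY_PROG (1u << 7) /* only the flag's role matters for the model */

/* Assumed subset of struct bpf_map relevant to the race. */
struct bpf_map_model {
    uint32_t map_flags;
    bool frozen;      /* set by BPF_MAP_FREEZE */
    int writecnt;     /* writers currently inside update/delete/mmap paths */
    int64_t value;    /* a single value a program would read as a constant */
};

static void write_active_inc(struct bpf_map_model *m) { m->writecnt++; }
static void write_active_dec(struct bpf_map_model *m) { m->writecnt--; }

/* Entry of the update path: the frozen check that the race slips past. */
static int update_begin(struct bpf_map_model *m)
{
    if (m->frozen)
        return -EPERM;
    write_active_inc(m);        /* assumed: bracketed before the stall point */
    return 0;
}

/* Freeze before the fix: only flips the flag. */
static int map_freeze_old(struct bpf_map_model *m)
{
    m->frozen = true;
    return 0;
}

/* Freeze after the fix: refuse while any writer is in flight. */
static int map_freeze_new(struct bpf_map_model *m)
{
    if (m->writecnt > 0)
        return -EBUSY;
    m->frozen = true;
    return 0;
}

/* Verifier's question: may this map's values be folded into constants? */
static bool map_is_rdonly_old(const struct bpf_map_model *m)
{
    return (m->map_flags & BPF_F_RDONLY_PROG) && m->frozen;
}

static bool map_is_rdonly_new(const struct bpf_map_model *m)
{
    return (m->map_flags & BPF_F_RDONLY_PROG) && m->frozen && m->writecnt == 0;
}

/*
 * Replay the interleaving the race depends on:
 *   1. writer passes the frozen check and stalls inside the update path
 *   2. another task issues BPF_MAP_FREEZE
 *   3. the verifier loads a program and decides whether to fold the value
 *   4. the stalled writer resumes and stores a new value
 * Returns 1 if the verifier trusted a "constant" that then changed, else 0.
 */
static int replay_race(bool with_fix)
{
    struct bpf_map_model m = { .map_flags = BPF_F_RDONLY_PROG, .value = 1 };
    int64_t folded = 0;
    bool folded_valid = false;

    if (update_begin(&m) != 0)                       /* step 1 */
        return 0;

    int rc = with_fix ? map_freeze_new(&m) : map_freeze_old(&m); /* step 2 */

    bool rdonly = with_fix ? map_is_rdonly_new(&m) : map_is_rdonly_old(&m);
    if (rdonly) {                                    /* step 3 */
        folded = m.value;
        folded_valid = true;
    }

    m.value = 42;                                    /* step 4 */
    write_active_dec(&m);

    printf("%s: freeze rc=%d, folded=%d, map value now %lld\n",
           with_fix ? "with fix" : "without fix", rc, (int)folded_valid,
           (long long)m.value);

    return (folded_valid && folded != m.value) ? 1 : 0;
}

/* Once the writer has left, freeze and constant folding proceed normally. */
static int freeze_after_writer_done(void)
{
    struct bpf_map_model m = { .map_flags = BPF_F_RDONLY_PROG, .value = 7 };
    write_active_inc(&m);
    write_active_dec(&m);
    if (map_freeze_new(&m) != 0)
        return 0;
    return map_is_rdonly_new(&m) ? 1 : 0;
}

int main(void)
{
    printf("race without fix -> %s\n", replay_race(false) ? "verifier fooled" : "safe");
    printf("race with fix    -> %s\n", replay_race(true) ? "verifier fooled" : "safe");
    return 0;
}
```

The model deliberately keeps the writer's frozen check and its writecnt increment on the same side of the stall point, which is what makes the freeze-time -EBUSY and the verifier-time writecnt test sufficient together: either the freeze is refused, or no writer can still be inside the update path when the verifier folds the value.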