ACK: [SRU][Focal][PATCH 0/1] CVE-2021-4001
Roxana Nicolescu
roxana.nicolescu at canonical.com
Tue Aug 29 13:19:03 UTC 2023
On 07/08/2023 15:21, Jacob Martin wrote:
> [Impact]
> It was discovered that the eBPF implementation in the Linux kernel
> contained a race condition around read-only maps. A privileged attacker
> could use this to modify read-only maps.
>
> [Backport]
> Memory mapping and batch support for BPF maps are not present in
> focal:linux, so changes to missing functions were omitted, and writecnt
> was added to struct bpf_map.
>
> [Test]
> Compile and boot tested. Verified prior-working race using userfaultfd
> was no longer achievable with patch applied.
>
> [Potential Regression]
> This change affects the kernel's BPF subsystem.
>
> Daniel Borkmann (1):
> bpf: Fix toctou on read-only map's constant scalar tracking
>
> include/linux/bpf.h | 2 ++
> kernel/bpf/syscall.c | 25 +++++++++++++++++++++++++
> kernel/bpf/verifier.c | 18 +++++++++++++++++-
> 3 files changed, 44 insertions(+), 1 deletion(-)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu at canonical.com>