[SRU][Lunar][PATCH 0/4] CVE-2023-39191
Bethany Jamison
bethany.jamison at canonical.com
Fri Jan 26 22:44:49 UTC 2024

[Impact]
An improper input validation flaw was found in the eBPF subsystem in the
Linux kernel. The issue occurs due to a lack of proper validation of
dynamic pointers within user-supplied eBPF programs prior to executing
them. This may allow an attacker with CAP_BPF privileges to escalate
privileges and execute arbitrary code in the context of the kernel.

[Fix]
Clean cherry-picks. 3 fix commits were skipped because they were already
applied upstream.

[Test Case]
Compile and boot tested.

[Regression Potential]
Issues could occur when using bpf dynamic pointers.

Kumar Kartikeya Dwivedi (4):
  bpf: Invalidate slices on destruction of dynptrs on stack
  bpf: Allow reinitializing unreferenced dynptr stack slots
  bpf: Combine dynptr_get_spi and is_spi_bounds_valid
  bpf: Avoid recomputing spi in process_dynptr_func

 include/linux/bpf_verifier.h                  |   5 +-
 kernel/bpf/verifier.c                         | 201 +++++++++++-------
 .../testing/selftests/bpf/progs/dynptr_fail.c |   4 +-
 3 files changed, 135 insertions(+), 75 deletions(-)
--
2.34.1