APPLIED: [SRU][Lunar][PATCH 0/4] CVE-2023-39191

[Stefan Bader]

On 26.01.24 23:44, Bethany Jamison wrote:
> [Impact]
> 
> An improper input validation flaw was found in the eBPF subsystem in the
> Linux kernel. The issue occurs due to a lack of proper validation of
> dynamic pointers within user-supplied eBPF programs prior to executing
> them. This may allow an attacker with CAP_BPF privileges to escalate
> privileges and execute arbitrary code in the context of the kernel.
> 
> [Fix]
> 
> Clean cherry-picks. 3 fix commits were skipped because they were already
> applied upstream.
> 
> [Test Case]
> 
> Compile and boot tested.
> 
> [Regression Potential]
> 
> Issues could occur when using bpf dynamic pointers.
> 
> Kumar Kartikeya Dwivedi (4):
>    bpf: Invalidate slices on destruction of dynptrs on stack
>    bpf: Allow reinitializing unreferenced dynptr stack slots
>    bpf: Combine dynptr_get_spi and is_spi_bounds_valid
>    bpf: Avoid recomputing spi in process_dynptr_func
> 
>   include/linux/bpf_verifier.h                  |   5 +-
>   kernel/bpf/verifier.c                         | 201 +++++++++++-------
>   .../testing/selftests/bpf/progs/dynptr_fail.c |   4 +-
>   3 files changed, 135 insertions(+), 75 deletions(-)
> 

Applied to lunar:linux/master-next (unlikely to be released). Thanks.

-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240130/cff7ab4b/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240130/cff7ab4b/attachment-0001.sig>