[SRU Groovy 0/2] CVE-2021-20194
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Thu Feb 18 19:39:35 UTC 2021
Note:
Not sending for Focal as this is queued on stable-next [1] tree.
[1] git://kernel.ubuntu.com/ubuntu-stable/ubuntu-stable-focal.git
[Impact]
If there is a BPF attached to getsockopt, a user can trigger a crash like:
[ 261.273921] WARNING: CPU: 0 PID: 753 at include/linux/thread_info.h:150 __cgroup_bpf_run_filter_getsockopt+0x2b0/0x2d0
[Test case]
Running the reproducer causes the crash without the fixes.
[Potential regression]
Programs could misbehave when trying to use getsockopt under a cgroup
with a getsockopt BPF attached. Network failures for programs under
containers or systemd are possible regressions.
Loris Reiff (2):
  bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
  bpf, cgroup: Fix problematic bounds check

 kernel/bpf/cgroup.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
--
2.27.0