APPLIED Re: [SRU OEM-5.17,OEM-6.0 0/1] CVE-2023-2163
Timo Aaltonen
tjaalton at ubuntu.com
Fri Aug 11 09:31:29 UTC 2023
Thadeu Lima de Souza Cascardo wrote on 4.8.2023 at 14.32:
> [Impact]
> Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski
> discovered that the BPF verifier in the Linux kernel did not properly mark
> registers for precision tracking in certain situations, leading to an out-
> of-bounds access vulnerability. A local attacker could use this to cause a
> denial of service (system crash) or possibly execute arbitrary code.
>
> [Potential regression]
> eBPF users may notice regressions.
>
> Daniel Borkmann (1):
> bpf: Fix incorrect verifier pruning due to missing register precision
> taints
>
> kernel/bpf/verifier.c | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
applied to oem kernels, thanks
--
t