*** This bug is a security vulnerability ***
Private security bug reported:
[Impact]
adjust_ptr_min_max_vals will allow a pointer arithmetic with any value, but set
the register to a SCALAR, preventing further pointer operations, leading to a
pointer leak, aka, KASLR leak.
[Potential regression]
Any potential fixes will change the verifier, which means that some BPF code
that was previously allowed may be prevented to load. It may also lead to other
code being allowed that leads to other vulnerabilities.
[Test case]
Use a privately shared code to test it.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Public to Private Security
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1954904
Title:
bpf pointer tainted kaslr leak
Status in linux package in Ubuntu:
New
Bug description:
[Impact]
adjust_ptr_min_max_vals will allow a pointer arithmetic with any value, but
set the register to a SCALAR, preventing further pointer operations, leading to
a pointer leak, aka, KASLR leak.
[Potential regression]
Any potential fixes will change the verifier, which means that some BPF code
that was previously allowed may be prevented to load. It may also lead to other
code being allowed that leads to other vulnerabilities.
[Test case]
Use a privately shared code to test it.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1954904/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
