Date: Sun, 14 Feb 2016 15:52:17 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: Ben Hutchings <benh@...ian.org>
Subject: CVE Request: Linux: Incorrect branch fixups for eBPF allow arbitrary read

Hi

We would like to request a CVE for the following issue fixed in Linux
with the following commit, which as well contains an analysis:

https://git.kernel.org/linus/a1b14d27ed0965838350f1377ff97c93ee383492
(will be in v4.5-rc4):

> When ctx access is used, the kernel often needs to expand/rewrite
> instructions, so after that patching, branch offsets have to be
> adjusted for both forward and backward jumps in the new eBPF program,
> but for backward jumps it fails to account the delta. Meaning, for
> example, if the expansion happens exactly on the insn that sits at
> the jump target, it doesn't fix up the back jump offset.

The issue was introduced in v4.1-rc1 with commit
https://git.kernel.org/linus/9bac3d6d548e5cc925570b263f35b70a00a00ffd
.

Could you please assign a CVE for this issue?

Regards,
Salvatore
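
The fixup flaw described in the quoted commit message, as a simplified C model added here as an example; it is not the kernel's verifier code and not part of the original post. The struct, the function names and the four-instruction program are constructed for illustration, and `account_delta` is a hypothetical switch between a backward-jump test that ignores the delta and one that accounts for it.

```c
#include <stdio.h>
#include <string.h>

/* Toy insn (not struct bpf_insn): a jump at index i targets i + off + 1. */
struct insn { int is_jmp, off; };

/* Replace p[pos] with cnt copies (stand-in for a rewritten ctx access). */
static int expand(struct insn *p, int len, int pos, int cnt)
{
    memmove(&p[pos + cnt], &p[pos + 1], (len - pos - 1) * sizeof(*p));
    for (int i = 1; i < cnt; i++)
        p[pos + i] = p[pos];
    return len + cnt - 1;
}

/* Fix jump offsets after patching; account_delta == 0 models the flaw. */
static void fixup(struct insn *p, int len, int pos, int delta, int account_delta)
{
    for (int i = 0; i < len; i++) {
        int t = i + p[i].off + 1;           /* target before adjustment */
        if (!p[i].is_jmp)
            continue;
        if (i < pos && t > pos)             /* forward across the patch */
            p[i].off += delta;
        else if (account_delta ? (i > pos + delta && t <= pos + delta)
                               : (i > pos && t < pos))
            p[i].off -= delta;              /* backward across the patch */
    }
}

/* Constructed program: expand insn 1 into 3 insns (delta 2), fix up, and
 * return where the jump that was at old_idx lands in the new program. */
static int landing_index(int account_delta, int old_idx)
{
    struct insn p[16] = {
        {1,  2},    /* 0: forward jump to insn 3 */
        {0,  0},    /* 1: ctx access, also the back-jump target */
        {1, -2},    /* 2: backward jump to insn 1 */
        {0,  0},    /* 3: exit */
    };
    int j = old_idx > 1 ? old_idx + 2 : old_idx;    /* jump's new index */
    fixup(p, expand(p, 4, 1, 3), 1, 2, account_delta);
    return j + p[j].off + 1;
}

int main(void)
{
    printf("back jump: %d unfixed, %d fixed\n", landing_index(0, 2), landing_index(1, 2));
}
```

Without the delta, the back jump keeps pointing at index 3, the last instruction of the expanded sequence, instead of its start at index 1; the forward jump is adjusted correctly either way.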
