Date: Sun, 14 Feb 2016 15:52:17 +0100
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Cc: Ben Hutchings <>
Subject: CVE Request: Linux: Incorrect branch fixups for eBPF allow arbitrary


We would like to request a CVE for the following issue fixed in Linux
with the following commit, which as well contains an analysis:
(will be in v4.5-rc4):

> When ctx access is used, the kernel often needs to expand/rewrite
> instructions, so after that patching, branch offsets have to be
> adjusted for both forward and backward jumps in the new eBPF program,
> but for backward jumps it fails to account the delta. Meaning, for
> example, if the expansion happens exactly on the insn that sits at
> the jump target, it doesn't fix up the back jump offset.

The issue was introduced in v4.1-rc1 with commit

Could you please assign a CVE for this issue?
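
The backward-jump case from the quoted analysis, as an added example that is not part of the original message and is not the kernel's code. It is a simplified model: `struct insn`, `adjust_branches`, `patched_target` and the six-slot sample program are hypothetical names and constructed data.

```c
#include <stdio.h>

/* Toy instruction: a jump at slot i lands on i + off + 1 (eBPF convention). */
struct insn { int is_jmp; int off; };

static int target(const struct insn *p, int i) { return i + p[i].off + 1; }

/*
 * Hypothetical model of the fixup pass. The instruction at `pos` has already
 * been expanded in place into 1 + delta instructions; offsets are still the
 * pre-expansion ones. account_delta = 0 models the flaw: the backward-jump
 * test ignores that everything after pos has moved down by delta.
 */
static void adjust_branches(struct insn *p, int n, int pos, int delta,
                            int account_delta)
{
    int end = pos + (account_delta ? delta : 0);

    for (int i = 0; i < n; i++) {
        if (!p[i].is_jmp)
            continue;
        if (i < pos && target(p, i) > pos)
            p[i].off += delta;      /* forward jump over the expansion */
        else if (i > end && target(p, i) <= end)
            p[i].off -= delta;      /* backward jump over the expansion */
    }
}

/* Constructed sample: old insn 1 was expanded into slots 1..3 (delta = 2). */
static int patched_target(int account_delta, int jmp_index)
{
    struct insn p[6] = {
        {1, 1},                  /* 0: forward jump, must land on slot 4 */
        {0, 0}, {0, 0}, {0, 0},  /* 1..3: expanded ctx access */
        {0, 0},                  /* 4 */
        {1, -3},                 /* 5: backward jump, must land on slot 1 */
    };
    adjust_branches(p, 6, 1, 2, account_delta);
    return target(p, jmp_index);
}

int main(void)
{
    printf("forward jump lands on:       %d\n", patched_target(0, 0));
    printf("back jump, delta ignored:    %d\n", patched_target(0, 5));
    printf("back jump, delta accounted:  %d\n", patched_target(1, 5));
    return 0;
}
```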

