Date: Sun, 14 Feb 2016 15:52:17 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: Ben Hutchings <benh@...ian.org>
Subject: CVE Request: Linux: Incorrect branch fixups for eBPF allow arbitrary read

Hi

We would like to request a CVE for the following issue fixed in Linux
with the following commit, which as well contains an analysis:

https://git.kernel.org/linus/a1b14d27ed0965838350f1377ff97c93ee383492
(will be in v4.5-rc4):

> When ctx access is used, the kernel often needs to expand/rewrite
> instructions, so after that patching, branch offsets have to be
> adjusted for both forward and backward jumps in the new eBPF program,
> but for backward jumps it fails to account the delta. Meaning, for
> example, if the expansion happens exactly on the insn that sits at
> the jump target, it doesn't fix up the back jump offset.

The issue was introduced in v4.1-rc1 with commit
https://git.kernel.org/linus/9bac3d6d548e5cc925570b263f35b70a00a00ffd .

Could you please assign a CVE for this issue?

Regards,
Salvatore
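
The fixup rule described in the quoted commit message, as a toy model added here (not kernel code and not part of the original message). `struct insn`, `expand_and_fixup`, `jump_target` and the sample program are names and data assumed for illustration; offsets follow the eBPF convention that a jump's target is its own index + 1 + off.

```c
/* Toy model of branch fixups after instruction expansion (not kernel code). */
struct insn {
    int is_jmp; /* 1 if this is a relative jump */
    int off;    /* eBPF convention: target = own index + 1 + off */
};

/* New index of old instruction old_idx once old[pos] grew by delta slots. */
static int remap(int old_idx, int pos, int delta)
{
    return old_idx > pos ? old_idx + delta : old_idx;
}

/*
 * Copy old[0..n) into out, replacing old[pos] with cnt non-jump
 * instructions, and recompute every jump offset from the remapped source
 * and target, so forward and backward jumps are handled alike.
 * out must hold n + cnt - 1 entries. Returns the new length.
 */
int expand_and_fixup(const struct insn *old, int n, int pos, int cnt,
                     struct insn *out)
{
    int delta = cnt - 1;

    for (int i = 0; i < n; i++) {
        int ni = remap(i, pos, delta);

        if (i == pos) {
            for (int k = 0; k < cnt; k++)
                out[ni + k] = (struct insn){ 0, 0 };
            continue;
        }
        out[ni] = old[i];
        if (old[i].is_jmp)
            out[ni].off = remap(i + 1 + old[i].off, pos, delta) - ni - 1;
    }
    return n + delta;
}

/* Absolute index that the jump at prog[idx] lands on. */
int jump_target(const struct insn *prog, int idx)
{
    return idx + 1 + prog[idx].off;
}

/* Constructed sample: insn 0 jumps forward to insn 4, insn 3 jumps back
 * to insn 1, and insn 1 is the one that gets expanded. */
const struct insn sample[5] = {
    { 1, 3 }, { 0, 0 }, { 0, 0 }, { 1, -3 }, { 0, 0 },
};
```

Expanding insn 1 of the sample into three instructions moves the back jump to index 5 with offset -5, still targeting index 1; left at its old offset of -3 it would land on index 3, the last slot of the expansion.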