Date: Wed, 17 Oct 2018 20:36:24 +0200
From: Jann Horn <jannh@...gle.com>
To: oss-security@...ts.openwall.com
Subject: Linux kernel: BPF verifier bug leads to out-of-bounds access
 (CVE-2018-18445; 4.14.9-4.14.74; 4.15-4.18.12)

NOTE: I have requested a CVE identifier, and I'm sending this message,
to make tracking of the fix easier; however, to avoid missing security
fixes without CVE identifiers, you should *NOT* be cherry-picking a
specific patch in response to a notification about a kernel security
bug.

In Linux kernel versions 4.14.9-4.14.74 and 4.15-4.18.12, faulty
computation of numeric bounds in the BPF verifier permits
out-of-bounds memory accesses because adjust_scalar_min_max_vals in
kernel/bpf/verifier.c mishandles 32-bit right shifts. 4.18.13 and
4.14.75 are fixed.

This is CVE-2018-18445.

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.13
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75
https://bugs.chromium.org/p/project-zero/issues/detail?id=1686
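
Added example, not part of the original message or of any kernel tooling: a triage check that compares a `uname -r` string against the upstream version ranges stated above. The function names are hypothetical. The example assumes the release string starts with major.minor[.patch], and it treats any trailing suffix (distro build, -rc, local version) as a reason to confirm against the vendor's advisory, since such kernels can carry backported fixes that the upstream number does not reflect.

```python
import platform
import re

CVE = "CVE-2018-18445"
# Upstream ranges quoted in the advisory, inclusive on both ends.
AFFECTED_RANGES = [
    ((4, 14, 9), (4, 14, 74)),
    ((4, 15, 0), (4, 18, 12)),
]

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_release(release):
    """Split a `uname -r` string into ((major, minor, patch), suffix)."""
    m = _RELEASE_RE.match(release.strip())
    if m is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0)), suffix


def triage(release):
    """Return (in_upstream_range, needs_vendor_check) for a release string.

    needs_vendor_check is True when the string carries a suffix (distro
    build, -rc, local version): such kernels may include or lack backported
    fixes, so the upstream number alone does not settle their status.
    """
    version, suffix = parse_release(release)
    in_range = any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)
    return in_range, bool(suffix)


if __name__ == "__main__":
    rel = platform.release()
    in_range, vendor = triage(rel)
    print(f"{rel}: {'inside' if in_range else 'outside'} the upstream "
          f"ranges listed for {CVE}")
    if vendor:
        print("release string has a build suffix; confirm against the "
              "vendor's advisory or changelog")
```
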
