Date: Wed, 17 Oct 2018 20:36:24 +0200 From: Jann Horn <jannh@...gle.com> To: oss-security@...ts.openwall.com Subject: Linux kernel: BPF verifier bug leads to out-of-bounds access (CVE-2018-18445; 4.14.9-4.14.74; 4.15-4.18.12) NOTE: I have requested a CVE identifier, and I'm sending this message, to make tracking of the fix easier; however, to avoid missing security fixes without CVE identifiers, you should *NOT* be cherry-picking a specific patch in response to a notification about a kernel security bug. In Linux kernel versions 4.14.9-4.14.74 and 4.15-4.18.12, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts. 4.18.13 and 4.14.75 are fixed. This is CVE-2018-18445. http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.13 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75 https://bugs.chromium.org/p/project-zero/issues/detail?id=1686
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.