Описание
The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| linux | fixed | 4.4.2-1 | package | |
| linux | not-affected | jessie | package | |
| linux | not-affected | wheezy | package | |
| linux-2.6 | not-affected | package |
Примечания
Fixed by: https://git.kernel.org/linus/a1b14d27ed0965838350f1377ff97c93ee383492 (v4.5-rc4)
Introduced by: https://git.kernel.org/linus/9bac3d6d548e5cc925570b263f35b70a00a00ffd (v4.1-rc1)
https://www.openwall.com/lists/oss-security/2016/02/14/1
EPSS
Связанные уязвимости
The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.
The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.
The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.
The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.
EPSS