oss-sec mailing list archives

CVE Request: Linux: Incorrect branch fixups for eBPF allow arbitrary read


From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 14 Feb 2016 15:52:17 +0100

Hi

We would like to request a CVE for the following issue fixed in Linux
with the following commit, which also contains an analysis:

https://git.kernel.org/linus/a1b14d27ed0965838350f1377ff97c93ee383492
(will be in v4.5-rc4):

When ctx access is used, the kernel often needs to expand/rewrite
instructions, so after that patching, branch offsets have to be
adjusted for both forward and backward jumps in the new eBPF program,
but for backward jumps it fails to account for the delta. Meaning, for
example, if the expansion happens exactly on the insn that sits at
the jump target, it doesn't fix up the back jump offset.

The issue was introduced in v4.1-rc1 with commit
https://git.kernel.org/linus/9bac3d6d548e5cc925570b263f35b70a00a00ffd.

Could you please assign a CVE for this issue?

Regards,
Salvatore
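A worked model of the branch fixup described in the mail, added here as an example (it is not the kernel's code and not part of the original post): a minimal instruction array, the offset adjustment for forward and backward jumps with the original back-jump test beside the corrected one as I read the linked commit (compare against pos + delta and allow pos itself as a target), and a constructed program whose back jump lands exactly on the expanded insn. The struct layout, filler opcodes and sample program are assumptions for illustration.

```c
#include <string.h>
#define BPF_JMP  0x05
#define BPF_CALL 0x80
#define BPF_EXIT 0x90

struct insn { unsigned char code; short off; };  /* only the fields the fixup reads */
/* Fixup over the already-expanded program: insns after pos have moved by delta.
 * `fixed` selects the corrected back-jump test (my reading of the linked commit:
 * compare against pos + delta, allow pos itself as a target); 0 keeps the old test. */
static void adjust_branches(struct insn *p, int len, int pos, int delta, int fixed)
{
	for (int i = 0; i < len; i++) {
		if ((p[i].code & 0x07) != BPF_JMP ||         /* BPF_CLASS != BPF_JMP */
		    (p[i].code & 0xf0) == BPF_CALL || (p[i].code & 0xf0) == BPF_EXIT)
			continue;                                /* no branch offset to fix */
		if (i < pos && i + p[i].off + 1 > pos)
			p[i].off += delta;                       /* forward jump crossing pos */
		else if (fixed ? (i > pos + delta && i + p[i].off + 1 <= pos + delta)
			       : (i > pos && i + p[i].off + 1 < pos))
			p[i].off -= delta;                       /* backward jump crossing pos */
	}
}

/* Replace insn `pos` by `cnt` filler insns (stand-in for a ctx-access rewrite),
 * then run the fixup; returns the new program length. */
static int expand(struct insn *p, int len, int pos, int cnt, int fixed)
{
	memmove(&p[pos + cnt], &p[pos + 1], (len - pos - 1) * sizeof(*p));
	for (int k = 0; k < cnt; k++)
		p[pos + k] = (struct insn){ .code = 0x07 };  /* BPF_ALU64|BPF_ADD|BPF_K, no branch */
	adjust_branches(p, len + cnt - 1, pos, cnt - 1, fixed);
	return len + cnt - 1;
}

/* Constructed program: insn 1 is a ctx load expanded into 3 insns, insn 0 jumps
 * forward over it, insn 4 jumps back exactly onto it (the case from the commit).
 * Returns the absolute index (i + off + 1) the branch now at `idx` resolves to. */
static int branch_target_after_expand(int fixed, int idx)
{
	struct insn p[16] = {
		{ .code = BPF_JMP, .off = 2 },   /* 0: ja -> 3 */
		{ .code = 0x61 },                /* 1: BPF_LDX|BPF_MEM|BPF_W, reads ctx */
		{ .code = 0x07 }, { .code = 0x07 },
		{ .code = BPF_JMP, .off = -4 },  /* 4: ja -> 1 */
		{ .code = 0x95 },                /* 5: BPF_JMP|BPF_EXIT */
	};
	expand(p, 6, 1, 3, fixed);          /* delta = 2: the back jump now sits at 6 */
	return idx + p[idx].off + 1;
}
```

With the old test the back jump keeps its offset and lands inside the inserted patchlet (index 3) instead of on the expanded insn (index 1); the forward jump is adjusted correctly either way.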
