oss-sec mailing list archives
Re: Re: CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation)
From: Jann Horn <jannh () google com>
Date: Mon, 9 May 2016 10:53:39 -0700
On Fri, May 6, 2016 at 8:40 AM, <cve-assign () mitre org> wrote:
bpf: fix check_map_func_compatibility logic https://git.kernel.org/linus/6aff67c85c9e5a4bc99e5211c1bac547936626ca Not sure though if the later one has a security impact.We have not yet assigned a CVE ID to 6aff67c85c9e5a4bc99e5211c1bac547936626ca in case someone else wants to provide additional information.
I'm the original reporter of that bug. As far as I can tell, its impact is low - you could use it to: - obtain the ability to execute BPF programs that are owned by other processes - perhaps cause a NULL dereference in an exiting task if the BPF program is executed in softirq context after exit_files() has nulled tsk->files
Current thread:
- CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation) Salvatore Bonaccorso (May 06)
- Re: CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation) cve-assign (May 06)
- Re: Re: CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation) Jann Horn (May 09)
- Re: CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation) cve-assign (May 06)