oss-sec mailing list archives
Re: Linux Kernel bpf related UAF
From: cve-assign () mitre org
Date: Thu, 12 May 2016 11:27:49 -0400 (EDT)
the following reproducer will cause a UAF of previously allocated memory in bpf. You can reproduce with linux kernel master, or 4.6-rc6, 4.6-rc7 and maybe other kernel versions.

int main(int argc, char **argv)
...
r[0] = syscall(SYS_mmap, ...
...
r[5] = syscall(SYS_bpf, ...
Use CVE-2016-4794.

(We did not run any tests, or look for other information, to investigate whether the same reproducer or a similar reproducer affects any kernel version that's considered stable or longterm.)

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
Current thread:
- Linux Kernel bpf related UAF Marco Grassi (May 12)
- Re: Linux Kernel bpf related UAF cve-assign (May 12)
- Re: Linux Kernel bpf related UAF Marco Grassi (May 12)
- Re: Re: Linux Kernel bpf related UAF Daniel Borkmann (Jun 14)
- Re: Linux Kernel bpf related UAF cve-assign (May 12)