Other IDs this deficiency may be known by:
Date Last Modified:
Version Specific Information:
| Product             | Status                         |
| Cucumber 1.0 i686   | fixed in linux-4.9.72-i686-1   |
| Cucumber 1.0 x86_64 | fixed in linux-4.9.72-x86_64-1 |
| Cucumber 1.1 i686   | fixed in linux-4.9.72-i686-1   |
| Cucumber 1.1 x86_64 | fixed in linux-4.9.72-x86_64-1 |
=================================== Overview ===================================
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through
4.14.8 allows local users to cause a denial of service (memory corruption) or
possibly have unspecified other impact by leveraging incorrect sign extension.
================================ Initial Report ================================
From the Linux Changelog
Author: Daniel Borkmann
Date: Fri Dec 22 16:29:05 2017 +0100
bpf: fix incorrect sign extension in check_alu_op()
From: Jann Horn
[ Upstream commit 95a762e2c8c942780948091f8f2a4f32fce1ac6f ]
BPF_ALU64|BPF_MOV|BPF_K (load 32-bit immediate, sign-extended to 64-bit)
and BPF_ALU|BPF_MOV|BPF_K (load 32-bit immediate, zero-padded to 64-bit);
only perform sign extension in the first case.
Starting with v4.14, this is exploitable by unprivileged users as long as
the unprivileged_bpf_disabled sysctl isn't set.
Debian assigned CVE-2017-16995 for this issue.
- add CVE number (Ben Hutchings)
Fixes: 484611357c19 ("bpf: allow access into map value arrays")
Signed-off-by: Jann Horn
Acked-by: Edward Cree
Signed-off-by: Alexei Starovoitov
Signed-off-by: Daniel Borkmann
Signed-off-by: Greg Kroah-Hartman
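The following C program is an added illustration for this advisory; it is not part of the advisory, the upstream commit, or the kernel source. It models the one distinction the commit message draws: the 32-bit immediate of BPF_ALU64|BPF_MOV|BPF_K is sign-extended into the 64-bit register, while BPF_ALU|BPF_MOV|BPF_K zero-pads it. The opcode field constants mirror the values in the kernel's uapi headers; the function names (runtime_mov_k, verifier_known_value_before_fix, verifier_known_value_after_fix, mistracked_before_fix) are constructed for this example, and the "after fix" branch is written on the assumption, taken from the upstream commit, that the verifier truncates the immediate to u32 for the BPF_ALU class before recording it as a known value.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Opcode field encodings, mirroring linux/bpf_common.h and linux/bpf.h. */
#define BPF_CLASS(code) ((code) & 0x07)
#define BPF_SRC(code)   ((code) & 0x08)
#define BPF_OP(code)    ((code) & 0xf0)
#define BPF_ALU   0x04   /* 32-bit ALU: result is zero-padded into the 64-bit register */
#define BPF_ALU64 0x07   /* 64-bit ALU */
#define BPF_K     0x00   /* second operand is the 32-bit immediate */
#define BPF_MOV   0xb0

/* True for the two forms the commit message distinguishes:
 * BPF_ALU64|BPF_MOV|BPF_K and BPF_ALU|BPF_MOV|BPF_K. */
bool is_mov_k(uint8_t code)
{
    uint8_t cls = BPF_CLASS(code);
    return BPF_OP(code) == BPF_MOV && BPF_SRC(code) == BPF_K &&
           (cls == BPF_ALU || cls == BPF_ALU64);
}

/* What the interpreter/JIT actually leaves in the 64-bit destination register. */
uint64_t runtime_mov_k(uint8_t code, int32_t imm)
{
    if (BPF_CLASS(code) == BPF_ALU64)
        return (uint64_t)(int64_t)imm;      /* sign-extended to 64 bits */
    return (uint64_t)(uint32_t)imm;         /* zero-padded: upper 32 bits cleared */
}

/* Pre-fix verifier model (constructed): the s32 immediate was handed to a u64
 * "known value" parameter unchanged, so C's integer conversion sign-extended
 * it regardless of instruction class. */
uint64_t verifier_known_value_before_fix(uint8_t code, int32_t imm)
{
    (void)code;                             /* the class was not consulted */
    return (uint64_t)(int64_t)imm;
}

/* Post-fix verifier model (assumption drawn from the upstream commit):
 * sign-extend only for BPF_ALU64, otherwise truncate to u32 first. */
uint64_t verifier_known_value_after_fix(uint8_t code, int32_t imm)
{
    if (BPF_CLASS(code) == BPF_ALU64)
        return (uint64_t)(int64_t)imm;
    return (uint64_t)(uint32_t)imm;
}

/* A verifier is only sound if the value it believes a register holds is the
 * value the program really sees at runtime. Report whether a model disagrees
 * with the runtime for one MOV_K instruction. */
bool model_disagrees_with_runtime(uint64_t (*model)(uint8_t, int32_t),
                                  uint8_t code, int32_t imm)
{
    return model(code, imm) != runtime_mov_k(code, imm);
}

/* Does the pre-fix verifier mis-track this instruction? (Only negative
 * immediates under BPF_ALU are affected.) */
bool mistracked_before_fix(uint8_t code, int32_t imm)
{
    return is_mov_k(code) &&
           model_disagrees_with_runtime(verifier_known_value_before_fix, code, imm);
}

int main(void)
{
    /* Constructed sample instructions: both MOV_K forms with three immediates. */
    const uint8_t forms[2] = { BPF_ALU | BPF_MOV | BPF_K, BPF_ALU64 | BPF_MOV | BPF_K };
    const char *names[2] = { "BPF_ALU|BPF_MOV|BPF_K", "BPF_ALU64|BPF_MOV|BPF_K" };
    const int32_t imms[3] = { 5, -1, INT32_MIN };

    printf("%-24s %-12s %-18s %-18s %-18s %s\n", "insn", "imm", "runtime",
           "verifier(before)", "verifier(after)", "mis-tracked");
    for (int f = 0; f < 2; f++) {
        for (int i = 0; i < 3; i++) {
            uint8_t code = forms[f];
            int32_t imm = imms[i];
            printf("%-24s %-12" PRId32 " 0x%016" PRIx64 " 0x%016" PRIx64
                   " 0x%016" PRIx64 " %s\n",
                   names[f], imm, runtime_mov_k(code, imm),
                   verifier_known_value_before_fix(code, imm),
                   verifier_known_value_after_fix(code, imm),
                   mistracked_before_fix(code, imm) ? "yes" : "no");
        }
    }
    return 0;
}
```

Running it shows the mismatch only in the BPF_ALU rows with a negative immediate: the runtime holds 0x00000000ffffffff while the pre-fix model records 0xffffffffffffffff, so every bound the verifier derives from that register is wrong by the upper 32 bits. The post-fix model agrees with the runtime in all rows.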
================================= Our Analysis =================================
----- Affected Products -----
Versions of the Linux Kernel 4.9 Series prior to 4.9.72 are vulnerable to this.
This includes the original versions of the Cucumber Linux 1.0 and 1.1 kernels.
----- Scope and Impact of this Vulnerability -----
This vulnerability allows local users to cause a system-wide denial of service
via memory consumption and possibly has other unspecified impacts.
----- Fix for this Vulnerability -----
This vulnerability can be fixed by upgrading to version 4.9.72 of the Linux
kernel or by applying the patch from the commit quoted above.
================================= Our Solution =================================
We have upgraded to Linux 4.9.72.