s390x BPF JIT vulnerabilities
Bug #1943960 reported by
Thadeu Lima de Souza Cascardo
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Fix Released
|
Undecided
|
Unassigned | ||
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
s390 BPF JIT vulnerabilities allow the eBPF verifier to be bypassed, leading to possible local privilege escalation.
[Mitigation]
Disable unprivileged eBPF.
sysctl -w kernel.
[Potential regression]
BPF programs might execute incorrectly, affecting seccomp, socket filters, tracing and other BPF users.
Commits to address this are upstream in Linus' tree; they are:
1511df6f5e9e ("s390/bpf: Fix branch shortening during codegen pass")
6e61dc9da0b7 ("s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant")
db7bee653859 ("s390/bpf: Fix optimizing out zero-extensions")
and have been applied to the 5.14, 5.4 , 4.19, and 4.4 stable branches.
summary: |
- CRD-2021-09-21 + s390x BPF JIT vulnerabilities |
description: | updated |
information type: | Private Security → Public Security |
tags: | added: s390x |
Changed in ubuntu-z-systems: | |
status: | New → Fix Released |
description: | updated |
tags: |
added: kernel-cve-tracker removed: verification-needed-hirsute |
To post a comment you must log in.
This bug was fixed in the package linux - 5.11.0-36.40
---------------
linux (5.11.0-36.40) hirsute; urgency=medium
* s390x BPF JIT vulnerabilities (LP: #1943960)
- SAUCE: s390/bpf: Fix branch shortening during codegen pass
- SAUCE: s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
- SAUCE: s390/bpf: Fix optimizing out zero-extensions
-- Thadeu Lima de Souza Cascardo <email address hidden> Fri, 17 Sep 2021 12:17:08 -0300