Back to bug 1308452
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-02-15 09:30:13 UTC | Depends On | 1308453 | |
| Andrej Nemec | 2016-02-15 09:31:48 UTC | Blocks | 1308454 | |
| Salvatore Bonaccorso | 2016-02-15 21:00:16 UTC | CC | carnil | |
| Slawomir Czarko | 2016-02-17 09:49:34 UTC | CC | slawomir | |
| Vladis Dronov | 2016-02-18 13:09:47 UTC | Whiteboard | impact=moderate,public=20160214,reported=20160214,source=oss-security,cvss2=3.7/AV:L/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-125,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=affected,fedora-all/kernel=affected | impact=moderate,public=20160214,reported=20160214,source=oss-security,cvss2=1.7/AV:L/AC:L/Au:S/C:P/I:N/A:N,cwe=CWE-125,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=affected,fedora-all/kernel=affected |
| Vladis Dronov | 2016-02-18 13:10:12 UTC | Whiteboard | impact=moderate,public=20160214,reported=20160214,source=oss-security,cvss2=1.7/AV:L/AC:L/Au:S/C:P/I:N/A:N,cwe=CWE-125,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=affected,fedora-all/kernel=affected | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=1.7/AV:L/AC:L/Au:S/C:P/I:N/A:N,cwe=CWE-125,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=affected,fedora-all/kernel=affected |
| Vladis Dronov | 2016-02-18 13:10:27 UTC | Severity | medium | low |
| Vladis Dronov | 2016-02-18 13:10:42 UTC | Priority | medium | low |
| Vladis Dronov | 2016-02-18 13:13:51 UTC | CC | vdronov | |
| Vladis Dronov | 2016-02-18 13:13:51 UTC | Doc Text | When ctx access is used, the kernel often needs to expand/rewrite instructions, so after that patching, branch offsets have to be adjusted for both forward and backward jumps in the new eBPF program, but for backward jumps it fails to account the delta. Meaning, for example, if the expansion happens exactly on the insn that sits at the jump target, it doesn't fix up the back jump offset, which leads to incorrect execution of eBPF programs. | |
| Vladis Dronov | 2016-02-18 13:13:51 UTC | Whiteboard | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=1.7/AV:L/AC:L/Au:S/C:P/I:N/A:N,cwe=CWE-125,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=affected,fedora-all/kernel=affected | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=1.7/AV:L/AC:L/Au:S/C:P/I:N/A:N,cwe=CWE-125,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=notaffected,rhel-7/kernel-rt=notaffected,mrg-2/realtime-kernel=notaffected,rhelsa-7/arm-kernel=affected,fedora-all/kernel=affected |
| Vladis Dronov | 2016-02-18 15:33:49 UTC | Status | NEW | CLOSED |
| Vladis Dronov | 2016-02-18 15:33:49 UTC | Resolution | --- | NOTABUG |
| Vladis Dronov | 2016-02-18 15:33:49 UTC | Last Closed | 2016-02-18 10:33:49 UTC | |
| Vladis Dronov | 2016-02-18 16:03:34 UTC | Whiteboard | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=1.7/AV:L/AC:L/Au:S/C:P/I:N/A:N,cwe=CWE-125,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=notaffected,rhel-7/kernel-rt=notaffected,mrg-2/realtime-kernel=notaffected,rhelsa-7/arm-kernel=affected,fedora-all/kernel=affected | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=1.7/AV:L/AC:L/Au:S/C:P/I:N/A:N,cwe=CWE-125,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=notaffected,rhel-7/kernel-rt=notaffected,mrg-2/realtime-kernel=notaffected,rhelsa-7/arm-kernel=notaffected,fedora-all/kernel=affected |
| Martin Prpič | 2016-03-15 11:33:37 UTC | Doc Text | When ctx access is used, the kernel often needs to expand/rewrite instructions, so after that patching, branch offsets have to be adjusted for both forward and backward jumps in the new eBPF program, but for backward jumps it fails to account the delta. Meaning, for example, if the expansion happens exactly on the insn that sits at the jump target, it doesn't fix up the back jump offset, which leads to incorrect execution of eBPF programs. | |
| Product Security DevOps Team | 2019-09-29 13:44:17 UTC | Whiteboard | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=1.7/AV:L/AC:L/Au:S/C:P/I:N/A:N,cwe=CWE-125,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=notaffected,rhel-7/kernel-rt=notaffected,mrg-2/realtime-kernel=notaffected,rhelsa-7/arm-kernel=notaffected,fedora-all/kernel=affected | |