Bug 1233615 (CVE-2015-4700)
| Summary: | CVE-2015-4700 kernel: Crafted BPF filters may crash kernel during JIT optimisation | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Wade Mealing <wmealing> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | aquini, arm-mgr, bhu, blc, carnil, dhoward, fhrbata, gansalmon, iboverma, itamar, jforbes, jiji, jkacur, joelsmith, jonathan, jross, jwboyer, kernel-maint, kernel-mgr, lgoncalv, madhu.chinakonda, matt, mchehab, mcressma, mlangsdo, nmurray, plougher, pmatouse, rt-maint, rvrbovsk, security-response-team, slong, vgoyal, williams |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
A flaw was found in the kernel's implementation of the Berkeley Packet Filter (BPF). A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly optimize the JIT image on the last pass. This would lead to the CPU executing instructions that were not part of the JIT code.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-08 02:41:56 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1236938, 1236939, 1236941, 1236942, 1236943, 1236944, 1236946, 1246323 | ||
| Bug Blocks: | 1226003 | ||
|
Description
Wade Mealing
2015-06-19 09:44:27 UTC
Acknowledgements: Red Hat would like to thank Daniel Borkmann for reporting this issue. CVE assigned: http://seclists.org/oss-sec/2015/q2/785 Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1236946] Statement: This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6 as it does not contain the affected code. This does not affect the Red Hat Enterprise MRG 2 as it does not enable the affected code at compile time. This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7. Mitigation: This issue does not affect most systems by default. An administrator would need to have enabled the BPF JIT to be affected. It can be disabled immediately with the command: # echo 0 > /proc/sys/net/core/bpf_jit_enable Or it can be disabled for all subsequent boots of the system by setting a value in /etc/sysctl.d/44-bpf-jit-disable ## start file ## net.core.bpf_jit_enable=0 ## end file ## This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:1788 https://rhn.redhat.com/errata/RHSA-2015-1788.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:1778 https://rhn.redhat.com/errata/RHSA-2015-1778.html |