A flaw was found in the kernels implementation of the Berkly Packet Filter. Specially crafted BPF code may be able to crash the system by creating a situation in which the JIT compiler will fail to correctly optimise the JIT image on the last pass. This would to the CPU executing instructions that were not part of the JIT code. Workaround: This issue does not affect most systems by default. An administrator would need to have enabled the BPF JIT to be affected. It can be disabled immediately with the command: # echo 0 > /proc/sys/net/core/bpf_jit_enable Or it can be disabled for all subsequent boots of the system by setting a value in /etc/sysctl.d/44-bpf-jit-disable ## start file ## net.core.bpf_jit_enable=0 ## end file ## Resources: http://seclists.org/oss-sec/2015/q2/784 https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/id=3f7352bf21f8fd7ba3e2fcef9488756f188e12be
Acknowledgements: Red Hat would like to thank Daniel Borkmann for reporting this issue.
CVE assigned: http://seclists.org/oss-sec/2015/q2/785
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1236946]
Statement: This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6 as it does not contain the affected code. This does not affect the Red Hat Enterprise MRG 2 as it does not enable the affected code at compile time. This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7.
Mitigation: This issue does not affect most systems by default. An administrator would need to have enabled the BPF JIT to be affected. It can be disabled immediately with the command: # echo 0 > /proc/sys/net/core/bpf_jit_enable Or it can be disabled for all subsequent boots of the system by setting a value in /etc/sysctl.d/44-bpf-jit-disable ## start file ## net.core.bpf_jit_enable=0 ## end file ##
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:1788 https://rhn.redhat.com/errata/RHSA-2015-1788.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:1778 https://rhn.redhat.com/errata/RHSA-2015-1778.html