Red Hat Bugzilla – Bug 1308452
CVE-2016-2383 kernel: incorrect branch fixups for eBPG allow arbitrary read
Last modified: 2016-05-15 05:24:45 EDT
When ctx access is used, the kernel often needs to expand/rewrite
instructions, so after that patching, branch offsets have to be
adjusted for both forward and backward jumps in the new eBPF program,
but for backward jumps it fails to account the delta. Meaning, for
example, if the expansion happens exactly on the insn that sits at
the jump target, it doesn't fix up the back jump offset.
Upstream report and fix:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1308453]
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2, as the code with the flaw is not present in the products listed.
kernel-4.3.6-201.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
kernel-4.4.2-301.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
kernel-4.4.3-201.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.