Bug 1308452 - (CVE-2016-2383) CVE-2016-2383 kernel: incorrect branch fixups for eBPF allow arbitrary read
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
low Severity low
Assigned To: Red Hat Product Security
impact=low,public=20160214,reported=2...
: Security
Depends On: 1308453
Blocks: 1308454
Reported: 2016-02-15 04:29 EST by Andrej Nemec
Modified: 2016-05-15 05:24 EDT
Doc Type: Bug Fix
Last Closed: 2016-02-18 10:33:49 EST
Description Andrej Nemec 2016-02-15 04:29:47 EST
When ctx access is used, the kernel often needs to expand/rewrite
instructions, so after that patching, branch offsets have to be
adjusted for both forward and backward jumps in the new eBPF program,
but for backward jumps it fails to account for the delta. Meaning, for
example, if the expansion happens exactly on the insn that sits at
the jump target, it doesn't fix up the back jump offset.

Upstream report and fix:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1b14d27ed0965838350f1377ff97c93ee383492

External reference:

http://seclists.org/oss-sec/2016/q1/330

CVE assignment:

http://seclists.org/oss-sec/2016/q1/333
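
The fixup problem described above, as a simplified C model added here for illustration (it is not the kernel's code and not taken from the upstream commit). `struct insn`, `expand`, `fixup` and `target_after_expand` are hypothetical names, the program is constructed, and the flawed backward-jump condition is a stand-in for the behaviour the description reports.

```c
#include <stdio.h>
#include <string.h>
#define N 6   /* length of the constructed program before expansion */

/* Toy instruction: a relative jump at index i targets i + 1 + off. */
struct insn { int is_jmp; int off; };

/* Replace the instruction at pos with 1 + delta non-jump instructions.
 * Jump offsets are left stale; fixup() has to repair them. */
static int expand(struct insn *p, int len, int pos, int delta)
{
    memmove(&p[pos + 1 + delta], &p[pos + 1], (len - pos - 1) * sizeof(*p));
    for (int i = pos; i <= pos + delta; i++)
        p[i] = (struct insn){0, 0};
    return len + delta;
}

/* Runs on the expanded program. account_delta == 0 models the flaw:
 * the backward-jump test still uses pre-expansion positions. */
static void fixup(struct insn *p, int len, int pos, int delta, int account_delta)
{
    for (int i = 0; i < len; i++) {
        int target = i + 1 + p[i].off;
        if (!p[i].is_jmp)
            continue;
        if (i < pos && target > pos)                 /* forward across pos */
            p[i].off += delta;
        else if (account_delta
                 ? (i > pos + delta && target <= pos + delta)
                 : (i > pos && target < pos))        /* backward across pos */
            p[i].off -= delta;
    }
}

/* Index a single jump (old index jmp, old offset off) lands on after the
 * instruction at pos (pos != jmp, delta <= 8) is expanded and fixed up. */
int target_after_expand(int jmp, int off, int pos, int delta, int account_delta)
{
    struct insn prog[N + 8] = {{0, 0}};
    prog[jmp] = (struct insn){1, off};
    int len = expand(prog, N, pos, delta);
    fixup(prog, len, pos, delta, account_delta);
    int j = jmp > pos ? jmp + delta : jmp;
    return j + 1 + prog[j].off;
}

int main(void)
{
    printf("back jump to expanded insn 2: flawed %d, fixed %d\n",
           target_after_expand(4, -3, 2, 2, 0), target_after_expand(4, -3, 2, 2, 1));
    return 0;
}
```

With the flawed condition the back jump lands inside the expanded sequence instead of at its first instruction, so the program that runs is no longer the one that was checked before rewriting.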
Comment 1 Andrej Nemec 2016-02-15 04:30:28 EST
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1308453]
Comment 3 Vladis Dronov 2016-02-18 10:33:49 EST
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2, as the code with the flaw is not present in the products listed.
Comment 4 Fedora Update System 2016-02-28 03:20:10 EST
kernel-4.3.6-201.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2016-02-28 07:21:31 EST
kernel-4.4.2-301.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2016-03-04 20:19:12 EST
kernel-4.4.3-201.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
