1454647 – (CVE-2017-9150) CVE-2017-9150 kernel: eBPF verifier log leaks lower half of map pointer

Bug 1454647 (CVE-2017-9150) - CVE-2017-9150 kernel: eBPF verifier log leaks lower half of map pointer

Summary: CVE-2017-9150 kernel: eBPF verifier log leaks lower half of map pointer

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2017-9150
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1454648 1461952
Blocks:	1454650
TreeView+	depends on / blocked

Reported:	2017-05-23 09:04 UTC by Adam Mariš
Modified:	2021-02-17 02:07 UTC (History)
CC List:	38 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
Clone Of:
Environment:
Last Closed:	2017-06-13 16:24:28 UTC
Embargoed:

Attachments	(Terms of Use)

Description Adam Mariš 2017-05-23 09:04:45 UTC

The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive kernel information address information via crafted bpf system calls.

Upstream patch:

https://github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07

External References:

https://packetstormsecurity.com/files/142630/GS20170523000807.txt

Comment 1 Adam Mariš 2017-05-23 09:05:28 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1454648]

Comment 2 Wade Mealing 2017-05-30 02:36:45 UTC

Statement:

Comment 3 Wade Mealing 2017-05-30 02:37:07 UTC

Statement:

This issue did not affect the versions of the kernel as shipped with Red Hat Enterprise Linux 5, 6,7 and MRG2/realtime kernels.

Comment 6 Justin M. Forbes 2017-05-30 14:39:11 UTC

This issue was resolved with the 4.11.1 and newer kernels for Fedora

Note You need to log in before you can comment on or make changes to this bug.

agordeev
aquini
bhu
blc
dhoward
esammons
fhrbata
gansalmon
hkrzesin
hwkernel-mgr
iboverma
ichavero
itamar
jforbes
jkacur
jonathan
jross
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
lwang
madhu.chinakonda
matt
mchehab
mcressma
mguzik
mlangsdo
nmurray
pholasek
plougher
rt-maint
rvrbovsk
slawomir
vdronov
williams
wmealing