2041547 – (CVE-2022-0264) CVE-2022-0264 kernel: address leakage in BPF atomic fetch

Bug 2041547 (CVE-2022-0264) - CVE-2022-0264 kernel: address leakage in BPF atomic fetch

Summary: CVE-2022-0264 kernel: address leakage in BPF atomic fetch

Keywords:
Status:	NEW
Alias:	CVE-2022-0264
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2041548 2046633 2046634 2046636 2046637
Blocks:	2039885
TreeView+	depends on / blocked

Reported:	2022-01-17 16:51 UTC by Guilherme de Almeida Suckevicz
Modified:	2023-11-16 07:49 UTC (History)
CC List:	41 users (show)
Fixed In Version:	kernel 5.16-rc6
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2022-01-17 16:51:37 UTC

A flaw was found in the Linux kernel. There is an address leakage in BPF atomic fetch.  This allows a local user with the ability to insert EBPF rules to be able to gather additional information for further attacks on the kernel.

Reference and upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=7d3baf0afa3aa9102d6a521a8e4c41888bb79882

Comment 1 Guilherme de Almeida Suckevicz 2022-01-17 16:52:58 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2041548]

Comment 2 Justin M. Forbes 2022-01-17 22:18:10 UTC

This was fixed for Fedora with the 5.15.11 stable kernel updates.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
bhu
chwhite
crwood
dvlasenk
hdegoede
hkrzesin
jarod
jarodwilson
jburrell
jeremy
jfaracco
jforbes
jglisse
jlelli
jonathan
josef
jshortt
jstancek
jwboyer
kcarcia
kernel-maint
kernel-mgr
kyoshida
lgoncalv
linville
lzampier
masami256
mchehab
nmurray
ptalbert
qzhao
rvrbovsk
scweaver
steved
vkumar
walters
williams