A Linux eBPF logic vulnerability leads to critical memory read and write. An attacker with CAP_BPF can gain root privileges or escape a container.
References: https://bugzilla.redhat.com/show_bug.cgi?id=2040599
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2056248]
Hi Pedro,

The information is quite scarce here to determine which kernel versions are affected by the issue. Can you point to the upstream fix in 5.17-rc1 which fixes the issue? I'm interested to correctly track this CVE in another downstream distribution.

Many thanks already!

Regards,
Salvatore
In reply to comment #10:
> Hi Pedro
>
> The information is quite scarce here to determine which kernel versions are
> affected by the issue. Can you point to the upstream fix in 5.17-rc1 which
> fixes the issue? I'm interested to correctly track this CVE in another
> downstream distribution.
>
> Many thanks already!
>
> Regards,
> Salvatore

You can find the related commits here: https://access.redhat.com/security/cve/CVE-2022-0500
Hi Pedro,

(In reply to Pedro Sampaio from comment #11)
> In reply to comment #10:
> > Hi Pedro
> >
> > The information is quite scarce here to determine which kernel versions are
> > affected by the issue. Can you point to the upstream fix in 5.17-rc1 which
> > fixes the issue? I'm interested to correctly track this CVE in another
> > downstream distribution.
> >
> > Many thanks already!
> >
> > Regards,
> > Salvatore
>
> You can find the related commits here:
>
> https://access.redhat.com/security/cve/CVE-2022-0500

Thank you!
Pedro, I wonder: this is not duplicating CVE-2022-23222, right, because it treats a different aspect?
Given https://lore.kernel.org/stable/20220216225209.2196865-1-haoluo@google.com/ this would be separate from CVE-2022-23222, and the fix for this vulnerability is the 7th patch mentioned there ("bpf: Make per_cpu_ptr return rdonly PTR_TO_MEM").
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724