kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact. References: https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-reject-out-of-bounds-stack-pointer-calculation.patch?h=stretch-security https://www.spinics.net/lists/stable/msg206985.html
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1529125]
Statement: This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.
(In reply to Pedro Sampaio from comment #0) > kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not > check the relationship between pointer values and the BPF stack, which > allows local users to cause a denial of service (integer overflow or invalid > memory access) or possibly have unspecified other impact. > > References: > > https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/ > all/bpf-reject-out-of-bounds-stack-pointer-calculation.patch?h=stretch- > security > https://www.spinics.net/lists/stable/msg206985.html based on info from BZ1529120 is the requested 4.9 patch: bpf: reject out-of-bounds stack pointer calculation counterpart to upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=179d1c5602997fef5a940c6ddcf31212cbfebd14. please let me know if that's correct or provide nother upstream patch thanks, jirka
Yes, I could confirm that the 4.9 patch aims to reflect the same behavior of this counterpart patch on the newer upstream code.