2031183 – (CVE-2018-25020) CVE-2018-25020 kernel: long jump over an instruction sequence can lead to overflow in the BPF subsystem

Bug 2031183 (CVE-2018-25020) - CVE-2018-25020 kernel: long jump over an instruction sequence can lead to overflow in the BPF subsystem

Summary: CVE-2018-25020 kernel: long jump over an instruction sequence can lead to ove...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2018-25020
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2031184
Blocks:	2031185
TreeView+	depends on / blocked

Reported:	2021-12-10 17:49 UTC by Guilherme de Almeida Suckevicz
Modified:	2022-02-17 08:25 UTC (History)
CC List:	49 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A buffer overflow flaw in the Linux kernel BPF subsystem was found in the way users run BPF with long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. A local user could use this flaw to crash the system or escalate their privileges on the system.
Clone Of:
Environment:
Last Closed:	2021-12-16 22:26:15 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2021-12-10 17:49:45 UTC

The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.

Reference and upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=050fad7c4534c13c8eb1d9c2ba66012e014773cb

Comment 1 Guilherme de Almeida Suckevicz 2021-12-10 17:50:48 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2031184]

Comment 2 Justin M. Forbes 2021-12-13 20:14:53 UTC

This was fixed in 4.17 upstream so has not impacted Fedora in years.

Comment 4 Product Security DevOps Team 2021-12-16 22:26:10 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-25020

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
bdettelb
bhu
blc
brdeoliv
bskeggs
chwhite
crwood
dhoward
dvlasenk
fhrbata
fpacheco
hdegoede
hkrzesin
jarod
jarodwilson
jburrell
jeremy
jfaracco
jforbes
jglisse
jlelli
jonathan
josef
jshortt
jstancek
jwboyer
kcarcia
kernel-maint
kernel-mgr
lgoncalv
linville
lzampier
masami256
mchehab
mlangsdo
nmurray
ptalbert
qzhao
rvrbovsk
scweaver
security-response-team
steved
vkumar
walters
williams