Bug 2226783 (CVE-2023-39191, ZDI-CAN-19399) - CVE-2023-39191 kernel: eBPF: insufficient stack type checks in dynptr
Summary: CVE-2023-39191 kernel: eBPF: insufficient stack type checks in dynptr
Keywords:
Status: NEW
Alias: CVE-2023-39191, ZDI-CAN-19399
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2227282 2227283 2227284 2227285 2227286 2242087
Blocks: 2225771
TreeView+ depends on / blocked
 
Reported: 2023-07-26 14:04 UTC by Mauro Matteo Cascella
Modified: 2024-10-12 08:27 UTC (History)
51 users (show)

Fixed In Version: kernel 6.3-rc1
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:6835 0 None None None 2023-11-09 07:11:09 UTC
Red Hat Product Errata RHBA-2024:0688 0 None None None 2024-02-05 17:04:20 UTC
Red Hat Product Errata RHSA-2023:6583 0 None None None 2023-11-07 08:20:45 UTC
Red Hat Product Errata RHSA-2024:0381 0 None None None 2024-01-23 17:50:37 UTC
Red Hat Product Errata RHSA-2024:0439 0 None None None 2024-01-24 16:35:57 UTC
Red Hat Product Errata RHSA-2024:0448 0 None None None 2024-01-24 16:37:53 UTC

Description Mauro Matteo Cascella 2023-07-26 14:04:59 UTC 
BPF recently supported a new feature, dynptr (https://lwn.net/Articles/895885). An improper input validation issue was found in dynptr, potentially leading to local privilege escalation. This flaw requires CAP_BPF to be exploited.
Comment 14 Mauro Matteo Cascella 2023-10-04 10:19:24 UTC 
Upstream patch:
https://lore.kernel.org/all/20230121002241.2113993-1-memxor@gmail.com/
Comment 15 Mauro Matteo Cascella 2023-10-04 10:22:35 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2242087]
Comment 16 Mauro Matteo Cascella 2023-10-04 17:12:37 UTC 
ZDI security advisory:
https://www.zerodayinitiative.com/advisories/ZDI-CAN-19399
Comment 17 Justin M. Forbes 2023-10-05 14:23:12 UTC 
This was fixed for Fedora with the 6.2.3 stable kernel updates.
Comment 18 errata-xmlrpc 2023-11-07 08:20:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6583
Comment 19 errata-xmlrpc 2024-01-23 17:50:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0381 https://access.redhat.com/errata/RHSA-2024:0381
Comment 20 errata-xmlrpc 2024-01-24 16:35:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0439 https://access.redhat.com/errata/RHSA-2024:0439
Comment 21 errata-xmlrpc 2024-01-24 16:37:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0448 https://access.redhat.com/errata/RHSA-2024:0448
Note You need to log in before you can comment on or make changes to this bug.