Message-ID: <494a84f2-1a29-1521-e819-6e4fbed17641@iogearbox.net>
Date:   Mon, 11 Mar 2019 10:41:11 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Jason Yan <yanaijie@...wei.com>
Cc:     Jann Horn <jannh@...gle.com>, ast@...nel.org,
        gregkh@...uxfoundation.org, "zhangyi (F)" <yi.zhang@...wei.com>,
        Zhaohongjiang <zhaohongjiang@...wei.com>, netdev@...r.kernel.org,
        stable@...r.kernel.org, bpf@...r.kernel.org
Subject: Re: 979d63d50c0c0f7bc537bf821e056cc9fe5abd38 bpf: prevent out of
 bounds speculation on pointer arithmetic

Hi Jason,

On 03/11/2019 10:18 AM, Jason Yan wrote:
> Hi, Daniel & Greg
> 
> This patch (979d63d50c0c bpf: prevent out of bounds speculation on pointer arithmetic) was assigned a CVE (CVE-2019-7308) with a high score:
> 
> CVSS v3.0 Severity and Metrics:
> Base Score: 9.8 CRITICAL
> 
> And this patch is not in stable-4.4, would you please backport this patch to 4.4?

We don't handle kernels as old as 4.4, so someone else would need to
do the backporting e.g. from your side. The series has been backported
to the last two most-recent stable kernels at that time (we usually
follow netdev practice here), and there have been asks about 4.14 as
well; I've been looking into backporting for the latter over the last two weeks
on and off, but there are conflicts all over the place in fragile core
areas where I didn't have enough free cycles to complete it yet. For
old kernels, you're probably better off doing something like this in
your tree instead of the huge complexity with a backport:

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index bc34cf9..2cea2de 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -47,7 +47,7 @@ static DEFINE_SPINLOCK(prog_idr_lock);
 static DEFINE_IDR(map_idr);
 static DEFINE_SPINLOCK(map_idr_lock);

-int sysctl_unprivileged_bpf_disabled __read_mostly;
+int sysctl_unprivileged_bpf_disabled __read_mostly = 1;

 static const struct bpf_map_ops * const bpf_map_types[] = {
 #define BPF_PROG_TYPE(_id, _ops)
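
Review bot: The new "= 1" initializer on sysctl_unprivileged_bpf_disabled has no comment saying that this tree deliberately ships a different default as a stand-in for backporting 979d63d50c0c, so a later merge or cleanup could silently drop it. Add a short comment above the declaration naming the reason, and note the changed default in the tree's sysctl documentation. The hunk only sets the boot-time value; whether it can be changed again at runtime depends on the sysctl handler, which is not shown here and should be checked against the intended policy.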

Thanks,
Daniel
