
Bug 642306 (CVE-2017-16995)

Summary: kernel: memory corruption caused by BPF verifier bugs can allow for arbitrary code execution (CVE-2017-16995)
Product: Gentoo Security
Reporter: Alice Ferrazzi <alicef>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Severity: critical
CC: kernel, kfm
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Package list:
Runtime testing required: ---

Description Alice Ferrazzi Gentoo Infrastructure gentoo-dev 2017-12-26 12:27:58 UTC
Incoming details.

Reproducible: Always
Comment 1 Alice Ferrazzi Gentoo Infrastructure gentoo-dev 2017-12-26 12:35:44 UTC
==== Summary ====

A few BPF verifier bugs in the Linux kernel, most of which can be used
for controlled memory corruption.

===== POC =====

PoC for "bpf: fix incorrect sign extension in check_alu_op()"

===== Affected Versions =====

One of the bugs was introduced in 4.9, the others were only introduced
in 4.14.
Affected: Linux kernel through 4.14.8

RHEL is claimed by the vendor as not affected.

Fixed on Dec 21, 2017:

===== Timeline =====

21.12.17 — Public announcement

===== Credit =====

Debian GNU/Linux
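Added worked example (not part of this bug report, the PoC, or the kernel sources): a user-space model of the verifier/runtime mismatch named above, "bpf: fix incorrect sign extension in check_alu_op()". The semantics modelled are the ones that upstream fix describes: a 32-bit immediate is sign-extended to 64 bits by BPF_ALU64|BPF_MOV|BPF_K but zero-extended by BPF_ALU|BPF_MOV|BPF_K, while the pre-fix verifier sign-extended in both cases. The function names and the `fixed` flag are ours; the opcode values are the standard eBPF encoding.

```c
/* Added example: models what the eBPF runtime leaves in a register after a
 * MOV with a 32-bit immediate versus what the verifier (before and after the
 * check_alu_op() fix) believed it held. Not kernel code; function names are ours. */
#include <stdint.h>
#include <stdio.h>

/* eBPF opcode bits: instruction class in the low 3 bits, BPF_MOV = 0xb0, BPF_K = 0x00. */
#define BPF_ALU   0x04
#define BPF_ALU64 0x07
#define BPF_MOV   0xb0
#define BPF_K     0x00
#define BPF_CLASS(code) ((code) & 0x07)

/* Value the interpreter/JIT actually stores in the 64-bit destination register. */
uint64_t runtime_mov_k(uint8_t code, int32_t imm)
{
    if (BPF_CLASS(code) == BPF_ALU64)
        return (uint64_t)(int64_t)imm;   /* 64-bit MOV: sign-extend */
    return (uint64_t)(uint32_t)imm;      /* 32-bit MOV: upper half is zeroed */
}

/* Value the verifier recorded as the register's known constant.
 * fixed == 0 models the pre-fix verifier, which sign-extended unconditionally. */
uint64_t verifier_mov_k(int fixed, uint8_t code, int32_t imm)
{
    if (!fixed)
        return (uint64_t)(int64_t)imm;
    return runtime_mov_k(code, imm);     /* post-fix: tracks the real semantics */
}

/* 1 when the verifier's tracked value equals the runtime value, else 0. */
int verifier_matches_runtime(int fixed, uint8_t code, int32_t imm)
{
    return verifier_mov_k(fixed, code, imm) == runtime_mov_k(code, imm);
}

int main(void)
{
    const uint8_t mov32 = BPF_ALU | BPF_MOV | BPF_K;    /* 0xb4 */
    const uint8_t mov64 = BPF_ALU64 | BPF_MOV | BPF_K;  /* 0xb7 */
    const int32_t imm = -1;

    printf("mov32 r0, -1: runtime=%#llx pre-fix verifier=%#llx fixed verifier=%#llx\n",
           (unsigned long long)runtime_mov_k(mov32, imm),
           (unsigned long long)verifier_mov_k(0, mov32, imm),
           (unsigned long long)verifier_mov_k(1, mov32, imm));
    printf("mov64 r0, -1: runtime=%#llx pre-fix verifier=%#llx (no mismatch)\n",
           (unsigned long long)runtime_mov_k(mov64, imm),
           (unsigned long long)verifier_mov_k(0, mov64, imm));
    return 0;
}
```

The only disagreeing case is a 32-bit MOV of a negative immediate: the register holds 0xffffffff at runtime while the pre-fix verifier reasons as if it held 0xffffffffffffffff. Every bound the verifier derives from that register afterwards is therefore computed on the wrong value, which is what lets a verifier-approved program reach memory it should not.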
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-12-26 12:50:03 UTC

A Linux kernel built with eBPF bpf(2) system call (CONFIG_BPF_SYSCALL) support
is vulnerable to an arbitrary memory read/write issue. It can occur if a user supplies a malicious BPF program that results in calculation errors in the eBPF verifier module.

An unprivileged user could use this flaw to escalate their privileges on a system.

Upstream patch


  # echo 1 > /proc/sys/kernel/unprivileged_bpf_disabled
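Added example (not part of this bug report): a small Linux program that checks whether the mitigation above is actually in force for the user running it. It reads the sysctl and then asks the kernel to load a two-instruction socket-filter program ("r0 = 0; exit") through a raw bpf(2) call; with `unprivileged_bpf_disabled` set, an unprivileged caller gets EPERM. The struct and constants mirror the UAPI layout of `linux/bpf.h` so the file builds without kernel headers; the function names are ours, and the `__NR_bpf` fallback values are an assumption for x86-64 and aarch64 only.

```c
/* Added example: verify that unprivileged bpf(2) is really blocked.
 * Linux only; not from the bug report or the kernel tree. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

#ifndef __NR_bpf            /* assumption: fallback numbers for two common arches */
# if defined(__x86_64__)
#  define __NR_bpf 321
# elif defined(__aarch64__)
#  define __NR_bpf 280
# endif
#endif

#define BPF_PROG_LOAD               5
#define BPF_PROG_TYPE_SOCKET_FILTER 1

struct bpf_insn_min {       /* same layout as struct bpf_insn */
    uint8_t code;
    uint8_t regs;           /* dst_reg in the low nibble, src_reg in the high nibble */
    int16_t off;
    int32_t imm;
};

/* Leading fields of union bpf_attr for BPF_PROG_LOAD. The kernel accepts a
 * shorter size argument and zero-fills the rest, so this is enough. */
struct bpf_attr_load {
    uint32_t prog_type;
    uint32_t insn_cnt;
    uint64_t insns;
    uint64_t license;
    uint32_t log_level;
    uint32_t log_size;
    uint64_t log_buf;
    uint32_t kern_version;
    uint32_t prog_flags;
} __attribute__((aligned(8)));

/* Parse the text of /proc/sys/kernel/unprivileged_bpf_disabled.
 * Returns the kernel's value (0, 1 or 2) or -1 for anything unparsable. */
int parse_unprivileged_bpf_disabled(const char *text)
{
    char *end;
    long v;
    if (text == NULL) return -1;
    errno = 0;
    v = strtol(text, &end, 10);
    if (end == text || errno != 0) return -1;
    while (*end == ' ' || *end == '\n') end++;
    if (*end != '\0') return -1;
    return (v < 0 || v > 2) ? -1 : (int)v;
}

/* Read the sysctl; -1 if it cannot be read (no /proc, not Linux, ...). */
int read_unprivileged_bpf_disabled(void)
{
    char buf[32];
    FILE *f = fopen("/proc/sys/kernel/unprivileged_bpf_disabled", "r");
    if (!f) return -1;
    if (!fgets(buf, sizeof buf, f)) { fclose(f); return -1; }
    fclose(f);
    return parse_unprivileged_bpf_disabled(buf);
}

/* Try to load a trivial socket filter as the current user.
 * 1: load succeeded (unprivileged bpf(2) is reachable, or we are privileged)
 * 0: refused with EPERM   -1: any other failure (ENOSYS, EINVAL, ...) */
int probe_bpf_prog_load(void)
{
    struct bpf_insn_min prog[2] = {
        { 0xb7, 0, 0, 0 },   /* BPF_ALU64|BPF_MOV|BPF_K: r0 = 0 */
        { 0x95, 0, 0, 0 },   /* BPF_EXIT */
    };
    struct bpf_attr_load attr;
    long fd;

    memset(&attr, 0, sizeof attr);
    attr.prog_type = BPF_PROG_TYPE_SOCKET_FILTER;
    attr.insn_cnt  = 2;
    attr.insns     = (uint64_t)(uintptr_t)prog;
    attr.license   = (uint64_t)(uintptr_t)"GPL";

    fd = syscall(__NR_bpf, BPF_PROG_LOAD, &attr, sizeof attr);
    if (fd >= 0) { close((int)fd); return 1; }
    return errno == EPERM ? 0 : -1;
}

int main(void)
{
    int sysctl = read_unprivileged_bpf_disabled();
    int load = probe_bpf_prog_load();

    printf("kernel.unprivileged_bpf_disabled = %d\n", sysctl);
    printf("bpf(BPF_PROG_LOAD) as uid %u: %s\n", (unsigned)getuid(),
           load == 1 ? "allowed" : load == 0 ? "EPERM" : "other error");
    if (getuid() != 0 && load == 1)
        puts("unprivileged users can still reach the verifier; an unfixed kernel is exploitable");
    return 0;
}
```

Run it as an ordinary user, not root: root can always load programs, so only the unprivileged result says anything about the mitigation. A result of EPERM together with a sysctl value of 0 usually means something else (seccomp, a container runtime) is doing the blocking, which is worth knowing before relying on it.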
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-26 00:38:20 UTC
Fix in 4.9.72, 4.14.9, 4.15.