
Bug 642312 (CVE-2017-16996)

Summary: kernel: memory corruption caused by BPF verifier bugs can allow for arbitrary code execution (CVE-2017-16996)
Product: Gentoo Security
Reporter: Thomas Deutschmann <whissi>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Status: CONFIRMED
Severity: critical
CC: kernel, kfm
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: A1
Package list:
Runtime testing required: ---

Description Thomas Deutschmann gentoo-dev Security 2017-12-26 12:59:28 UTC
Linux kernel built with the eBPF bpf(2) system call (CONFIG_BPF_SYSCALL) support is vulnerable to an arbitrary memory r/w access issue. It could occur if a user supplied a malicious BPF program which results in calculation errors in the eBPF verifier module.

An unprivileged user could use this flaw to escalate their privileges on a system.

Upstream patch


  # echo 1 > /proc/sys/kernel/unprivileged_bpf_disabled
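
Added example, not part of the original report: a check that the sysctl written above is actually in effect and will still be set after a reboot, since a write to /proc/sys only lasts until the next boot. The function names and the ROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the bug report. ROOT (first argument) is a
# hypothetical parameter for pointing the check at a constructed tree;
# leave it empty to inspect the live system.

# Runtime state: prints "mitigated", "exposed" or "no-knob".
bpf_runtime_state() {
    knob="${1:-}/proc/sys/kernel/unprivileged_bpf_disabled"
    # Missing file: kernel has no bpf(2) syscall or predates the sysctl.
    [ -r "$knob" ] || { echo no-knob; return 0; }
    val=$(tr -d '[:space:]' < "$knob")
    case "$val" in
        [1-9]*) echo mitigated ;;  # non-zero: unprivileged bpf(2) is refused
        *)      echo exposed ;;    # 0 or unreadable content: treat as open
    esac
}

# Boot persistence: a write to /proc/sys is lost at reboot, so look for a
# sysctl setting. Only /etc/sysctl.conf and /etc/sysctl.d/*.conf are read,
# and overrides between files are not resolved.
bpf_persisted() {
    root="${1:-}"
    for f in "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf; do
        [ -r "$f" ] || continue
        if grep -Eq '^[[:space:]]*kernel[./]unprivileged_bpf_disabled[[:space:]]*=[[:space:]]*[1-9]' "$f"; then
            echo persistent; return 0
        fi
    done
    echo runtime-only
}

# One-line summary for a host inventory or compliance check.
bpf_audit() {
    echo "runtime=$(bpf_runtime_state "${1:-}") boot=$(bpf_persisted "${1:-}")"
}

bpf_audit "${1:-}"
```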