bpf: fix incorrect sign extension in check_alu_op()
Distinguish between BPF_ALU64|BPF_MOV|BPF_K (load 32-bit immediate, sign-extended to 64-bit) and BPF_ALU|BPF_MOV|BPF_K (load 32-bit immediate, zero-padded to 64-bit); only perform sign extension in the first case. Starting with v4.14, this is exploitable by unprivileged users as long as the unprivileged_bpf_disabled sysctl isn't set. Debian assigned CVE-2017-16995 for this issue.

v3:
 - add CVE number (Ben Hutchings)

Fixes: 4846113 ("bpf: allow access into map value arrays")
Signed-off-by: Jann Horn <email@example.com>
Acked-by: Edward Cree <firstname.lastname@example.org>
Signed-off-by: Alexei Starovoitov <email@example.com>
Signed-off-by: Daniel Borkmann <firstname.lastname@example.org>
Showing 1 changed file with 7 additions and 1 deletion.
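The two MOV-immediate semantics named in the commit message, as an added example that is not code from the kernel or from this commit. The opcode constants match the Linux uapi BPF headers; mov_imm_value_before_fix is a hypothetical model that assumes, from the commit message, that the old check sign-extended in both cases, and the immediates are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>

/* Opcode fields, same values as in the Linux uapi BPF headers. */
#define BPF_ALU    0x04  /* 32-bit ALU instruction class */
#define BPF_ALU64  0x07  /* 64-bit ALU instruction class */
#define BPF_MOV    0xb0
#define BPF_K      0x00  /* source operand is the 32-bit immediate */
#define BPF_CLASS(code) ((code) & 0x07)

/* Register value after a MOV immediate, per the commit message. */
uint64_t mov_imm_value(uint8_t code, int32_t imm)
{
    if (BPF_CLASS(code) == BPF_ALU64)
        return (uint64_t)(int64_t)imm;   /* sign-extended to 64 bits */
    return (uint64_t)(uint32_t)imm;      /* zero-padded to 64 bits */
}

/* Hypothetical model of the pre-fix tracking (assumption): the
 * immediate is sign-extended regardless of the instruction class. */
uint64_t mov_imm_value_before_fix(uint8_t code, int32_t imm)
{
    (void)code;
    return (uint64_t)(int64_t)imm;
}

/* Returns 1 when the pre-fix model disagrees with the real semantics. */
int tracking_diverges(uint8_t code, int32_t imm)
{
    return mov_imm_value(code, imm) != mov_imm_value_before_fix(code, imm);
}

int main(void)
{
    const uint8_t ops[] = { BPF_ALU64 | BPF_MOV | BPF_K,
                            BPF_ALU | BPF_MOV | BPF_K };
    const int32_t imms[] = { 1, INT32_MAX, -1, INT32_MIN }; /* constructed */

    for (size_t i = 0; i < sizeof(ops) / sizeof(ops[0]); i++)
        for (size_t j = 0; j < sizeof(imms) / sizeof(imms[0]); j++)
            printf("code=0x%02x imm=%11d real=0x%016llx tracked=0x%016llx %s\n",
                   ops[i], imms[j],
                   (unsigned long long)mov_imm_value(ops[i], imms[j]),
                   (unsigned long long)mov_imm_value_before_fix(ops[i], imms[j]),
                   tracking_diverges(ops[i], imms[j]) ? "MISMATCH" : "ok");
    return 0;
}
```

The two models disagree only for the 32-bit class with a negative immediate, which is the case the fix separates out.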
Yes, it's not good for Ubuntu 16.04.1-16.04.4