Headline
CVE-2017-17853: bpf/verifier: fix bounds calculation on BPF_RSH · torvalds/linux@4374f25
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.
Permalink
Browse files
bpf/verifier: fix bounds calculation on BPF_RSH
Incorrect signed bounds were being computed. If the old upper signed bound was positive and the old lower signed bound was negative, this could cause the new upper signed bound to be too low, leading to security issues.
Fixes: b03c9f9 (“bpf/verifier: track signed and unsigned min/max values”) Reported-by: Jann Horn [email protected] Signed-off-by: Edward Cree [email protected] Acked-by: Alexei Starovoitov [email protected] [[email protected]: changed description to reflect bug impact] Signed-off-by: Jann Horn [email protected] Signed-off-by: Alexei Starovoitov [email protected] Signed-off-by: Daniel Borkmann [email protected]
- Loading branch information