CVE-2017-17855: bpf: don't prune branches when a scalar is replaced with a pointer · torvalds/linux@179d1c5
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.
bpf: don’t prune branches when a scalar is replaced with a pointer
This could be made safe by passing through a reference to env and checking for env->allow_ptr_leaks, but it would only work one way and is probably not worth the hassle - not doing it will not directly lead to program rejection.
Fixes: f1174f7 (“bpf/verifier: rework value tracking”)
Signed-off-by: Jann Horn [email protected]
Signed-off-by: Alexei Starovoitov [email protected]
Signed-off-by: Daniel Borkmann [email protected]
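A simplified C model of the pruning decision named in the commit title, added here as an illustration and not taken from kernel/bpf/verifier.c. All type and function names are hypothetical, and the pre-fix rule (a pointer accepted in place of an old, fully unbounded scalar) is an assumption of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model; these names are hypothetical, not kernel structures. */
enum reg_type { SCALAR, POINTER };

struct reg {
    enum reg_type type;
    uint64_t umin, umax;            /* bounds, meaningful for SCALAR only */
};

/* Constructed sample states for one register at a pruning point. */
static const struct reg old_unknown = { SCALAR, 0, UINT64_MAX };
static const struct reg old_bounded = { SCALAR, 0, 255 };
static const struct reg cur_small   = { SCALAR, 3, 7 };
static const struct reg cur_pointer = { POINTER, 0, 0 };

/* Shared part: returns 1/0 when decided, -1 for scalar-old/pointer-cur. */
static int common(const struct reg *old, const struct reg *cur)
{
    if (old->type == POINTER)       /* pointer rules reduced to a type match */
        return cur->type == POINTER;
    if (cur->type == SCALAR)        /* new range must lie inside the old one */
        return old->umin <= cur->umin && cur->umax <= old->umax;
    return -1;
}

/* Assumed pre-fix rule: a pointer matches a completely unknown old scalar. */
static bool regsafe_before(const struct reg *old, const struct reg *cur)
{
    int r = common(old, cur);
    return r >= 0 ? r : (old->umin == 0 && old->umax == UINT64_MAX);
}

/* Rule from the commit title: a pointer never matches an old scalar. */
static bool regsafe_after(const struct reg *old, const struct reg *cur)
{
    int r = common(old, cur);
    return r >= 0 ? r : false;
}

int main(void)
{
    printf("before: prune=%d\n", regsafe_before(&old_unknown, &cur_pointer));
    printf("after:  prune=%d\n", regsafe_after(&old_unknown, &cur_pointer));
    printf("scalar in range: prune=%d\n", regsafe_after(&old_bounded, &cur_small));
    return 0;
}
```

A result of "prune" means the branch is skipped on the strength of the verdict reached for the old state, so in the "before" case a register holding a pointer would inherit a verdict that was only ever checked for a scalar.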