Updated: 2024-06-15 21:40:48.025762
Description:
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | HIGH | 7.2 |
CVSS Version 3.x | HIGH | 7.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2021-11-02 14:03:33 | |
CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2022:1651145959 | 2022-04-28 16:00:01 |
CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Ignored | 2022-02-21 05:39:37 | |
CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2022-03-30 18:50:47 | |
Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2022-03-30 18:50:47 | |
Ubuntu 16.04 ELS | linux | 4.4.0 | 7.8 | HIGH | Ignored | 2021-11-02 14:03:33 | |
Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.8 | HIGH | Already Fixed | 2022-09-28 03:36:22 |