An issue has been discovered in the Linux kernel that can be abused by unprivileged local users to escalate privileges. The issue is with how the BPF verifier computes limits to enforce on the pointer arithmetic operations in BPF programs. In a particular scenario these limits are computed incorrectly. When any incorrect limits are enforced, performing the pointer arithmetic operation may lead to out-of-bounds reads and writes in the kernel memory.
An issue has been discovered in the Linux kernel that can be abused by unprivileged local users to escalate privileges. The issue is with how the BPF verifier computes limits to enforce on the pointer arithmetic operations in BPF programs. In a particular scenario these limits are computed incorrectly. When any incorrect limits are enforced, performing the pointer arithmetic operation may lead to out-of-bounds reads and writes in the kernel memory.
https://www.openwall.com/lists/oss-security/2021/05/27/1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb01a1bba579b4b1c5566af24d95f1767859771e https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5
Vulmon