Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-17862  

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 and 4.9.72 ignore unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.

Source
Severity Medium

Remote No

Type Denial of service

Description 

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 and 4.9.72 ignore unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.

AVG-574 linux-hardened 4.14.7.a-1 4.14.11.a-1 High Fixed FS#56832

AVG-571 linux-zen 4.14.7-1 4.14.11-1 High Fixed FS#56832

AVG-561 linux-lts 4.9.68-1 4.9.74-1 High Fixed

AVG-552 linux 4.14.7-1 4.14.11-1 High Fixed FS#56832

05 Jan 2018 ASA-201801-4 AVG-574 linux-hardened High multiple issues

05 Jan 2018 ASA-201801-3 AVG-571 linux-zen High multiple issues

05 Jan 2018 ASA-201801-2 AVG-561 linux-lts High multiple issues

05 Jan 2018 ASA-201801-1 AVG-552 linux High multiple issues 

https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
http://www.openwall.com/lists/oss-security/2017/12/21/2
https://git.kernel.org/linus/c131187db2d3fa2f8bf32fdf4e9a4ef805168467

Workaround by disabling unprivileged bpf:
sysctl -w kernel.unprivileged_bpf_disabled=1

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started