The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel prior to 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
||
linux linux kernel 4.5.0 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 15.10 |
||
opensuse leap 42.1 |