In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |
||
fedoraproject fedora 32 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 19.10 |
||
netapp cloud backup - |
||
netapp steelstore cloud integrated storage - |
||
netapp solidfire - |
||
netapp hci management node - |
||
netapp a700s_firmware - |
||
netapp 8300_firmware - |
||
netapp 8700_firmware - |
||
netapp a400_firmware - |
||
netapp a320_firmware - |
||
netapp c190_firmware - |
||
netapp a220_firmware - |
||
netapp fas2720_firmware - |
||
netapp fas2750_firmware - |
||
netapp a800_firmware - |
||
netapp h300s_firmware - |
||
netapp h500s_firmware - |
||
netapp h700s_firmware - |
||
netapp h300e_firmware - |
||
netapp h500e_firmware - |
||
netapp h700e_firmware - |
||
netapp h410s_firmware - |
||
netapp h610c_firmware - |
||
netapp h610s_firmware - |
||
netapp h615c_firmware - |
Also, Zoom assembles security dream team to fix its ongoing woes
Roundup This week in The Reg's security roundup of the notable bits beyond what we've already covered, the Tor Project has cut back to its core team, Zoom has called in the big security guns, US tech firms are taking on its Congress – and more. First off, it has been a bad weekend for 13 staffers at the nonprofit Tor Project after they were let go as the team was reduced to core operations only. "Like many other nonprofits and small businesses, the crisis has hit us hard, and we have had to ma...