CVE-2017-16995

Source
Severity High
Remote No
Type Privilege escalation
Description
An arbitrary memory r/w access issue was found in the Linux kernel before 4.14.9, 4.9.72 compiled with the eBPF bpf(2) system call (CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation errors in the eBPF verifier module, triggered by user supplied malicious BPF program. An unprivileged user could use this flaw to escalate their privileges on a system. Setting parameter "kernel.unprivileged_bpf_disabled=1" prevents such privilege escalation by restricting access to bpf(2) call.
Group Package Affected Fixed Severity Status Ticket
AVG-574 linux-hardened 4.14.7.a-1 4.14.11.a-1 High Fixed FS#56832
AVG-571 linux-zen 4.14.7-1 4.14.11-1 High Fixed FS#56832
AVG-561 linux-lts 4.9.68-1 4.9.74-1 High Fixed
AVG-552 linux 4.14.7-1 4.14.11-1 High Fixed FS#56832
Date Advisory Group Package Severity Description
05 Jan 2018 ASA-201801-4 AVG-574 linux-hardened High multiple issues
05 Jan 2018 ASA-201801-3 AVG-571 linux-zen High multiple issues
05 Jan 2018 ASA-201801-2 AVG-561 linux-lts High multiple issues
05 Jan 2018 ASA-201801-1 AVG-552 linux High multiple issues
References
https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
http://www.openwall.com/lists/oss-security/2017/12/21/2
https://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f
Notes
Workaround by disabling unprivileged bpf:
sysctl -w kernel.unprivileged_bpf_disabled=1