CVE-2017-16995 - log

CVE-2017-16995 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ An arbitrary memory read/write access issue was found in the Linux kernel before 4.14.9 and 4.9.72 when compiled with eBPF bpf(2) system call (CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation errors in the eBPF verifier module, triggered by a user-supplied malicious BPF program. An unprivileged user could use this flaw to escalate their privileges on a system. Setting the parameter "kernel.unprivileged_bpf_disabled=1" prevents such privilege escalation by restricting access to the bpf(2) call.
References
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+ https://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f
Notes
+ Workaround by disabling unprivileged bpf:
+ sysctl -w kernel.unprivileged_bpf_disabled=1
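
An added example, not part of the tracker entry: a read-only shell check that the workaround above is active in the running kernel and will be reapplied at boot, since `sysctl -w` changes only the running kernel. The function names, the treatment of a missing sysctl, and the order in which config files are passed are assumptions of this example.

```shell
#!/bin/sh
# Audit the kernel.unprivileged_bpf_disabled workaround: runtime value plus
# boot-time persistence. Paths are parameters so the checks can be pointed at
# constructed files. Function names are hypothetical, not from any project.

# Classify the runtime value exposed under procfs.
bpf_runtime_state() {
    rt_file="${1:-/proc/sys/kernel/unprivileged_bpf_disabled}"
    if [ ! -r "$rt_file" ]; then
        echo "absent"    # assumption: sysctl missing means no CONFIG_BPF_SYSCALL
        return 0
    fi
    case "$(tr -d '[:space:]' < "$rt_file")" in
        0)   echo "exposed" ;;      # unprivileged users may call bpf(2)
        1|2) echo "restricted" ;;   # 2 exists on newer kernels: admin can revert
        *)   echo "unknown" ;;
    esac
}

# Print the last value assigned across the given sysctl config files,
# read in the order they are passed (later files win).
bpf_persisted_value() {
    for conf in "$@"; do
        if [ -r "$conf" ]; then
            sed -n 's/^[[:space:]]*kernel\.unprivileged_bpf_disabled[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$conf"
        fi
    done | tail -n 1
}

# Usage: bpf_audit RUNTIME_FILE [CONFIG_FILE...]
bpf_audit() {
    runtime="$(bpf_runtime_state "$1")"
    shift
    persisted="$(bpf_persisted_value "$@")"
    case "$runtime:$persisted" in
        absent:*)        echo "N/A: sysctl not exposed by this kernel" ;;
        restricted:[12]) echo "OK: restricted now and in boot-time config" ;;
        restricted:*)    echo "WARN: restricted now, but not set in boot-time config" ;;
        exposed:*)       echo "FAIL: unprivileged bpf(2) is allowed" ;;
        *)               echo "UNKNOWN: runtime=$runtime persisted=$persisted" ;;
    esac
}

# Read-only check of the local system (file order is an assumption).
bpf_audit /proc/sys/kernel/unprivileged_bpf_disabled \
    /etc/sysctl.d/*.conf /etc/sysctl.conf
```

A WARN result means the setting will be lost at the next reboot unless the same key is added to a sysctl configuration file.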