CVE-2020-27170 - log

CVE-2020-27170 edited at 24 Mar 2021 20:30:29
References
https://www.openwall.com/lists/oss-security/2021/03/19/2
+ https://www.openwall.com/lists/oss-security/2021/03/24/4
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.8&id=6bf7609666f6b2a9169c39c79a47ef8d6082afae
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.25&id=c4d37eea1c641a9319baf34253cc373abb39d3e1
CVE-2020-27170 edited at 20 Mar 2021 19:01:32
Description
- A gap in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation) has been identified. Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from any location within the kernel memory. This can be abused to extract contents of kernel memory via side-channel. The identified gap is that unprivileged BPF programs are allowed to perform pointer arithmetic on particular pointer types not defining ptr_limit. Pointer arithmetic on such pointer types is not protected against out-of-bounds speculation.
+ A gap in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation) has been identified. Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from any location within the kernel memory. This can be abused to extract contents of kernel memory via side-channel. The identified gap is that unprivileged BPF programs are allowed to perform pointer arithmetic on particular pointer types not defining ptr_limit. Pointer arithmetic on such pointer types is not protected against out-of-bounds speculation. The issue is fixed in kernel versions 5.11.8 and 5.10.25.
References
https://www.openwall.com/lists/oss-security/2021/03/19/2
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f232326f6966cf2a1d1db7bc917a4ce5f9f55f76
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.8&id=6bf7609666f6b2a9169c39c79a47ef8d6082afae
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.25&id=c4d37eea1c641a9319baf34253cc373abb39d3e1
CVE-2020-27170 edited at 19 Mar 2021 12:13:47
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ A gap in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation) has been identified. Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from any location within the kernel memory. This can be abused to extract contents of kernel memory via side-channel. The identified gap is that unprivileged BPF programs are allowed to perform pointer arithmetic on particular pointer types not defining ptr_limit. Pointer arithmetic on such pointer types is not protected against out-of-bounds speculation.
References
+ https://www.openwall.com/lists/oss-security/2021/03/19/2
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f232326f6966cf2a1d1db7bc917a4ce5f9f55f76
Notes
CVE-2020-27170 created at 19 Mar 2021 12:11:44