CVE-2020-27171 log

Source
Severity Medium
Remote No
Type Information disclosure
Description
A numeric error in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation) has been identified. Unprivileged BPF programs running on affected 64-bit systems can exploit this to execute speculatively out-of-bounds loads from 4GB window within the kernel memory. This can be abused to extract contents of kernel memory via side-channel. The identified issue is when computing ptr_limit for preventing out-of-bounds speculation on pointer arithmetic. The computation of ptr_limit is off-by-one whenever the pointer moves to the left. The computed ptr_limit is zero in particular when subtracting zero offset from a pointer that is already at the beginning of map element value. This leads to integer underflow in fixup_bpf_calls() where sanitization code is generated. The issue is fixed in kernel versions 5.11.8 and 5.10.25.
Group Package Affected Fixed Severity Status Ticket
AVG-1714 linux-lts 5.10.24-1 5.10.25-1 Medium Fixed
AVG-1713 linux-zen 5.11.7.zen1-1 5.11.8.zen1-1 Medium Fixed
AVG-1712 linux-hardened 5.11.7.hardened1-1 5.11.8.hardened1-1 Medium Fixed
AVG-1711 linux 5.11.7.arch1-1 5.11.8.arch1-1 Medium Fixed
References
https://www.openwall.com/lists/oss-security/2021/03/19/3
https://www.openwall.com/lists/oss-security/2021/03/24/5
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.8&id=c4f3aa4343deccf5b8e1bfcc7c36224aaf3a8b26
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.25&id=ac1b87a18c1ffbe3d093000b762121b5aae0a3f9