CVE-2020-27171

Severity Medium
Remote No
Type Information disclosure
A numeric error has been identified in the Linux kernel mechanism that mitigates speculative out-of-bounds loads (Spectre mitigation). Unprivileged BPF programs running on affected 64-bit systems can exploit this to execute speculative out-of-bounds loads from a 4GB window within kernel memory. This can be abused to extract the contents of kernel memory via a side channel. The issue lies in the computation of ptr_limit, which is used to prevent out-of-bounds speculation on pointer arithmetic. The computation of ptr_limit is off by one whenever the pointer moves to the left. In particular, the computed ptr_limit is zero when a zero offset is subtracted from a pointer that is already at the beginning of a map element value. This leads to an integer underflow in fixup_bpf_calls(), where the sanitization code is generated. The issue is fixed in kernel versions 5.11.8 and 5.10.25.
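The arithmetic described above, as an added user-space model (not kernel code and not part of the original advisory). The function names and the `pos` parameter are assumptions, and the clamp is a simplified model of the branch-free masking that the generated sanitization code applies to the offset.

```c
#include <stdint.h>
#include <stdio.h>

/* Size of the in-bounds area to the left of a map-value pointer that sits at
 * byte position pos (hypothetical parameter). The flawed variant is one too
 * small, so it yields 0 when the pointer is at the start of the value. */
static uint32_t ptr_limit_left(uint32_t pos, int fixed)
{
    return fixed ? pos + 1 : pos;
}

/* The limit is loaded as (ptr_limit - 1) in a 32-bit move, which zero-extends
 * into the 64-bit register: ptr_limit == 0 wraps to 0xFFFFFFFF. */
static uint64_t mask_limit(uint32_t ptr_limit)
{
    return (uint64_t)(uint32_t)(ptr_limit - 1);
}

/* Branch-free clamp: returns off when 0 <= off <= limit, otherwise 0. */
static uint64_t sanitize_offset(uint64_t limit, uint64_t off)
{
    uint64_t ax = limit;
    ax -= off;                      /* high bit set if off > limit          */
    ax |= off;                      /* high bit set if off itself is "negative" */
    ax = 0 - ax;                    /* negate: in-range nonzero -> high bit set */
    ax = (ax >> 63) ? ~0ULL : 0;    /* arithmetic shift right by 63         */
    return off & ax;
}

int main(void)
{
    /* Constructed case from the description: pointer at position 0. */
    uint64_t bad  = mask_limit(ptr_limit_left(0, 0));
    uint64_t good = mask_limit(ptr_limit_left(0, 1));

    printf("flawed limit:    0x%llx\n", (unsigned long long)bad);
    printf("corrected limit: 0x%llx\n", (unsigned long long)good);
    printf("offset 0x1000 under flawed limit:    0x%llx\n",
           (unsigned long long)sanitize_offset(bad, 0x1000));
    printf("offset 0x1000 under corrected limit: 0x%llx\n",
           (unsigned long long)sanitize_offset(good, 0x1000));
    return 0;
}
```

With the flawed limit, any offset below 4GB passes the clamp unchanged; with the corrected limit, every nonzero offset from position 0 is forced to zero.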
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1714 | linux-lts | 5.10.24-1 | 5.10.25-1 | Medium | Fixed | |
| AVG-1713 | linux-zen | 5.11.7.zen1-1 | 5.11.8.zen1-1 | Medium | Fixed | |
| AVG-1712 | linux-hardened | 5.11.7.hardened1-1 | 5.11.8.hardened1-1 | Medium | Fixed | |
| AVG-1711 | linux | 5.11.7.arch1-1 | 5.11.8.arch1-1 | Medium | Fixed | |