CVE-2021-33200 - log

CVE-2021-33200 edited at 28 May 2021 17:18:07
Description
- kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
+ kernel/bpf/verifier.c in the Linux kernel before 5.12.8 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
References
https://www.openwall.com/lists/oss-security/2021/05/27/1
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb01a1bba579b4b1c5566af24d95f1767859771e
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.8&id=9accd53bd479974c434554e3446149884890623a
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.8&id=4dd2aaaddbcfd8e9f097512c745d69018f8e9801
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.8&id=f3ab9709b00ed389f870f6b20d323193bcf572c8
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.41&id=4e2c7b297431457663a90d4186e666b61d5da86c
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.41&id=c87ef240a8bbbda5913fac1e84209d224c1aaf50
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.41&id=27acfd11ba179b746f55077edf9750f8f7cb1cb6
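Review bot: the References change in this edit removes all three torvalds/linux.git commit links, including the one for bb01a1bba579b4b1c5566af24d95f1767859771e, while the Description still identifies the issue as CID-bb01a1bba579, so after this edit no listed reference resolves that identifier. Consider keeping the mainline links alongside the added stable v5.12.8 and v5.10.41 links, so a reader can match the CID in the description to a commit and relate the stable commits to it.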
CVE-2021-33200 edited at 27 May 2021 14:10:10
Description
- An issue has been discovered in the Linux kernel that can be abused by unprivileged local users to escalate privileges. The issue is with how the BPF verifier computes limits to enforce on the pointer arithmetic operations in BPF programs. In a particular scenario these limits are computed incorrectly. When any incorrect limits are enforced, performing the pointer arithmetic operation may lead to out-of-bounds reads and writes in the kernel memory.
+ kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
CVE-2021-33200 edited at 27 May 2021 09:37:03
References
https://www.openwall.com/lists/oss-security/2021/05/27/1
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=bb01a1bba579b4b1c5566af24d95f1767859771e
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb01a1bba579b4b1c5566af24d95f1767859771e
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5
CVE-2021-33200 edited at 27 May 2021 09:34:57
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ An issue has been discovered in the Linux kernel that can be abused by unprivileged local users to escalate privileges. The issue is with how the BPF verifier computes limits to enforce on the pointer arithmetic operations in BPF programs. In a particular scenario these limits are computed incorrectly. When any incorrect limits are enforced, performing the pointer arithmetic operation may lead to out-of-bounds reads and writes in the kernel memory.
References
+ https://www.openwall.com/lists/oss-security/2021/05/27/1
+ https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0
+ https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=bb01a1bba579b4b1c5566af24d95f1767859771e
+ https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5
CVE-2021-33200 created at 27 May 2021 09:33:16
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes