Headline
CVE-2017-17853: bpf/verifier: fix bounds calculation on BPF_RSH · torvalds/linux@4374f25
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.
Permalink
Browse files
bpf/verifier: fix bounds calculation on BPF_RSH
Incorrect signed bounds were being computed. If the old upper signed bound was positive and the old lower signed bound was negative, this could cause the new upper signed bound to be too low, leading to security issues.
Fixes: b03c9f9 (“bpf/verifier: track signed and unsigned min/max values”) Reported-by: Jann Horn jannh@google.com Signed-off-by: Edward Cree ecree@solarflare.com Acked-by: Alexei Starovoitov ast@kernel.org [jannh@google.com: changed description to reflect bug impact] Signed-off-by: Jann Horn jannh@google.com Signed-off-by: Alexei Starovoitov ast@kernel.org Signed-off-by: Daniel Borkmann daniel@iogearbox.net
- Loading branch information