UBUNTU-CVE-2017-9150

Details

The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.

Affected Packages(20 packages)

linux-lts-xenial

Ubuntu 14.04 LTS

Fixed in:

4.4.0-87.110~14.04.1

linux

Ubuntu 16.04 LTS

Fixed in:

4.4.0-87.110

linux-aws

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1026.35

linux-gke

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1022.22

linux-hwe

Ubuntu 16.04 LTS

Fixed in:

4.10.0-32.36~16.04.1

linux-raspi2

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1065.73

linux-snapdragon

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1067.72

linux-azure

Ubuntu 18.04 LTS

Affected versions:

4.15.0-1002.24.15.0-1003.34.15.0-1004.44.15.0-1008.84.15.0-1009.94.15.0-1012.124.15.0-1013.134.15.0-1014.144.15.0-1018.184.15.0-1019.19+34 more

linux-gcp

Ubuntu 18.04 LTS

Affected versions:

4.15.0-1001.14.15.0-1003.34.15.0-1005.54.15.0-1006.64.15.0-1008.84.15.0-1009.94.15.0-1010.104.15.0-1014.144.15.0-1015.154.15.0-1017.18+28 more

linux-hwe

Ubuntu 18.04 LTS

Affected versions:

4.18.0-13.14~18.04.14.18.0-14.15~18.04.14.18.0-15.16~18.04.14.18.0-16.17~18.04.14.18.0-17.18~18.04.14.18.0-18.19~18.04.14.18.0-20.21~18.04.14.18.0-21.22~18.04.14.18.0-22.23~18.04.14.18.0-24.25~18.04.1+33 more

References

REPORT

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0e57697f162da4aa218b5feafe614fb666db07

REPORT

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1

REPORT

https://bugs.chromium.org/p/project-zero/issues/detail?id=1251

REPORT

https://git.kernel.org/linus/0d0e57697f162da4aa218b5feafe614fb666db07

REPORT

https://github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07

REPORT