Bug 1672355 (CVE-2019-7308)
Summary: | CVE-2019-7308 kernel: eBPF: Spectre v1 mitigation bypass
---|---
Product: | [Other] Security Response
Component: | vulnerability
Status: | CLOSED ERRATA
Severity: | high
Priority: | high
Version: | unspecified
Hardware: | All
OS: | Linux
Reporter: | Laura Pardo <lpardo>
Assignee: | Red Hat Product Security <security-response-team>
CC: | abhgupta, dbaker, jokerman, sthangav, trankin, vdronov, yozone
Keywords: | Security
Fixed In Version: | kernel 4.20.6
Doc Text: | A bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel. The code in kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
Last Closed: | 2019-08-06 13:21:47 UTC
Bug Depends On: | 1672356, 1673617, 1673618, 1673631, 1673632
Description
Laura Pardo
2019-02-04 17:31:29 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1672356]

Note: Currently, as of RHEL-7, it is not possible for a non-privileged user (i.e. not the "root" user) to use eBPF (i.e. to invoke a bpf() syscall). Thus we do not consider this a security flaw in RHEL-7. Nevertheless, the current intent is to fix this flaw anyway in the upcoming RHEL-7.7.

It will be possible in the upcoming RHEL-8 for a non-root user to invoke a bpf() syscall (using a certain kernel boot parameter). This way the kernel becomes tainted (and thus the system is not supported by Red Hat) but is still vulnerable. Thus the current intent is to fix this flaw anyway in the upcoming RHEL-8.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-7308