** Tags removed: verification-needed-hirsute
** Tags added: kernel-cve-tracker
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1943960
Title:
s390x BPF JIT vulnerabilities
To manage notifications
This bug is awaiting verification that the linux-kvm/5.11.0-1017.18
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-hirsute' to 'verification-done-hirsute'. If the
problem still
** Description changed:
[Impact]
s390 BPF JIT vulnerabilities allow the eBPF verifier to be bypassed, leading
to possible local privilege escalation.
[Mitigation]
Disable unprivileged eBPF.
sysctl -w kernel.unprivileged_bpf_disabled=1
[Potential regression]
BPF programs might
Commits to address this are upstream in Linus' tree; they are:
1511df6f5e9e ("s390/bpf: Fix branch shortening during codegen pass")
6e61dc9da0b7 ("s390/bpf: Fix 64-bit subtraction of the -0x8000 constant")
db7bee653859 ("s390/bpf: Fix optimizing out zero-extensions")
--
You received
** Tags added: s390x
** Also affects: ubuntu-z-systems
Importance: Undecided
Status: New
** Changed in: ubuntu-z-systems
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1943960
Title:
s390x BPF JIT vulnerabilities
To manage notifications about this