Hi!

On Thu, Aug 26, 2021 at 8:51 PM Pavel Machek wrote:
>
> Hi!
>
> > > CVE-2021-3600: eBPF 32-bit source register truncation on div/mod
> > >
> > > The vulnerability has been introduced since 4.15-rc9. 4.4 is not
> > > affected. 4.19 is not fixed yet as of 2021/08/26.
> > >
> > > mainline: [e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90]
> > > stable/5.10: [1d16cc210fabd0a7ebf52d3025f81c2bde054a90]
> > > stable/5.4: [78e2f71b89b22222583f74803d14f3d90cdf9d12]
> >
> > I took a look into this. Apparently 4.14 and 4.19 are affected. (
> > https://seclists.org/oss-sec/2021/q2/228 )
> >
> > Due to BPF 32-bit subregister requirements (see bpf_design_QA.rst)
> > top 32 bits should be always zero when the 32 bit registers are in
> > use. So it could be possible to use BPF_JMP instead of BPF_JMP32.
>
> Hmm, no; that is what original code did and what is known not to work
> for reasons I don't fully understand.
>
> Anyway, I asked on the lists, and according to Thadeu Lima de Souza
> Cascardo Ubuntu did some work on it and is likely to do some more.
>

Thank you for asking.

> Oh, and we may want to watch CVE-2021-3444, it is apparently related and
> not yet fixed in 4.19.
>

I see. We keep track of it.

> Best regards,
> Pavel
> --
> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
>

Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email :masami.ichikawa@cybertrust.co.jp
      :masami.ichikawa@miraclelinux.com