From: Greg KH <gregkh@linuxfoundation.org>
To: Hao Luo <haoluo@google.com>
Cc: Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
laura@labbott.name, Kumar Kartikeya Dwivedi <memxor@gmail.com>,
stable@vger.kernel.org
Subject: Re: [PATCH stable linux-5.15.y 00/10] Fix bpf mem read/write vulnerability.
Date: Fri, 29 Apr 2022 11:01:38 +0200 [thread overview]
Message-ID: <Ymupcl2JshcWjmMD@kroah.com> (raw)
In-Reply-To: <20220428235751.103203-1-haoluo@google.com>
On Thu, Apr 28, 2022 at 04:57:41PM -0700, Hao Luo wrote:
> Hi Greg,
>
> Please cherry-pick this patch series into 5.15.y stable. It
> includes a feature that fixes CVE-2022-0500 which allows a user with
> cap_bpf privileges to get root privileges. The patch that fixes
> the bug is
>
> patch 7/10: bpf: Make per_cpu_ptr return rdonly
>
> The rest are the depedences required by the fix patch. Note that v5.10 and
> below are not affected by this bug.
>
> This patchset has been merged in mainline v5.17 and backported to v5.16[1],
> except patch 10/10 ("bpf: Fix crash due to out of bounds access into reg2btf_ids."),
> which fixes an out-of-bound access in the main feature in this series and
> hasn't been backported to v5.16 yet. If it's convenient, could you
> apply patch 10/10 to 5.16? I can send a separate patch for v5.16, if you
> prefer.
5.16 is long end-of-life, sorry, I can't add any more patches to that
tree and no one should be using it anymore.
I'll go queue these up now for 5.15, thanks for the backports!
greg k-h
next prev parent reply other threads:[~2022-04-29 9:01 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-28 23:57 [PATCH stable linux-5.15.y 00/10] Fix bpf mem read/write vulnerability Hao Luo
2022-04-28 23:57 ` [PATCH stable linux-5.15.y 01/10] bpf: Introduce composable reg, ret and arg types Hao Luo
2022-04-28 23:57 ` [PATCH stable linux-5.15.y 02/10] bpf: Replace ARG_XXX_OR_NULL with ARG_XXX | PTR_MAYBE_NULL Hao Luo
2022-04-28 23:57 ` [PATCH stable linux-5.15.y 03/10] bpf: Replace RET_XXX_OR_NULL with RET_XXX " Hao Luo
2022-04-28 23:57 ` [PATCH stable linux-5.15.y 04/10] bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX " Hao Luo
2022-04-28 23:57 ` [PATCH stable linux-5.15.y 05/10] bpf: Introduce MEM_RDONLY flag Hao Luo
2022-04-28 23:57 ` [PATCH stable linux-5.15.y 06/10] bpf: Convert PTR_TO_MEM_OR_NULL to composable types Hao Luo
2022-04-28 23:57 ` [PATCH stable linux-5.15.y 07/10] bpf: Make per_cpu_ptr return rdonly PTR_TO_MEM Hao Luo
2022-04-28 23:57 ` [PATCH stable linux-5.15.y 08/10] bpf: Add MEM_RDONLY for helper args that are pointers to rdonly mem Hao Luo
2022-04-28 23:57 ` [PATCH stable linux-5.15.y 09/10] bpf/selftests: Test PTR_TO_RDONLY_MEM Hao Luo
2022-04-28 23:57 ` [PATCH stable linux-5.15.y 10/10] bpf: Fix crash due to out of bounds access into reg2btf_ids Hao Luo
2022-04-29 9:01 ` Greg KH [this message]
2022-04-29 17:22 ` [PATCH stable linux-5.15.y 00/10] Fix bpf mem read/write vulnerability Hao Luo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Ymupcl2JshcWjmMD@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=daniel@iogearbox.net \
--cc=haoluo@google.com \
--cc=laura@labbott.name \
--cc=memxor@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox