On Fri, Apr 29, 2022 at 2:01 AM Greg KH <gregkh@linuxfoundation.org> wrote:
> On Thu, Apr 28, 2022 at 04:57:41PM -0700, Hao Luo wrote:
> > Hi Greg,
> > Please cherry-pick this patch series into 5.15.y stable. It includes a feature that fixes CVE-2022-0500 which allows a user with cap_bpf privileges to get root privileges. The patch that fixes the bug is
> > patch 7/10: bpf: Make per_cpu_ptr return rdonly
> > The rest are the dependencies required by the fix patch. Note that v5.10 and below are not affected by this bug.
> > This patchset has been merged in mainline v5.17 and backported to v5.16[1], except patch 10/10 ("bpf: Fix crash due to out of bounds access into reg2btf_ids."), which fixes an out-of-bound access in the main feature in this series and hasn't been backported to v5.16 yet. If it's convenient, could you apply patch 10/10 to 5.16? I can send a separate patch for v5.16, if you prefer.
> 5.16 is long end-of-life, sorry, I can't add any more patches to that tree and no one should be using it anymore.
> I'll go queue these up now for 5.15, thanks for the backports!
> greg k-h
Thank you Greg! I double checked and found that patch 10/10 is already in v5.16. So we're good.
Hao