On Thu, Feb 17, 2022 at 11:05 AM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Wed, Feb 16, 2022 at 02:52:00PM -0800, Hao Luo wrote:
> > Hi Greg,
> >
> > Please consider cherry-picking this patch series into 5.16.x stable. It includes a fix to a bug in 5.16 stable which allows a user with cap_bpf privileges to get root privileges. The patch that fixes the bug is
> >
> >   patch 7/9: bpf: Make per_cpu_ptr return rdonly
> >
> > The rest are the dependences required by the fix patch. This patchset has been merged in mainline v5.17. The patches were not planned to backport because of their complex dependences.
>
> How about 5.10 or 5.15? Any chance to backport them there too?

If I understand correctly, the attack requires commit:

  541c3bad8dc5 bpf: Support BPF ksym variables in kernel modules

which is included in 5.12. The attacker needs to load a self-defined btf. I'm taking a look at backporting to 5.15.