漏洞标题
bpf:修复负dst寄存器时的掩码否定逻辑问题。
漏洞描述信息
在Linux内核中,已解决以下漏洞:
bpf:修复当dst寄存器为负时,masking negation逻辑的错误。
对于off_reg坐在dst寄存器的情况,如果简单地将加法转换为减法或反之,则negation逻辑不正确。作为修正,应无条件将off_reg最终的按位与操作结果写入AX,然后从src移动指针到dst,最后使用AX作为原始指针算术运算(如取反)的源,以确保反转后得到正确的结果。中间只有一个非AX mov操作是可行的,因为常数盲目仍然保留它,因为它不是一个立即基于的操作。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
漏洞类别
整数溢出或超界折返
漏洞标题
bpf: Fix masking negation logic upon negative dst register
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix masking negation logic upon negative dst register
The negation logic for the case where the off_reg is sitting in the
dst register is not correct given then we cannot just invert the add
to a sub or vice versa. As a fix, perform the final bitwise and-op
unconditionally into AX from the off_reg, then move the pointer from
the src to dst and finally use AX as the source for the original
pointer arithmetic operation such that the inversion yields a correct
result. The single non-AX mov in between is possible given constant
blinding is retaining it as it's not an immediate based operation.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Linux kernel 安全漏洞
漏洞描述信息
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞,该漏洞源于 off_reg 位于 dst 寄存器中的情况的否定逻辑不正确。
CVSS信息
N/A
漏洞类别
其他