CVE-2021-46974

bpf: Fix masking negation logic upon negative dst register

  • Severity Score (CVSS): -
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): Track

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix masking negation logic upon negative dst register

The negation logic for the case where the off_reg is sitting in the
dst register is not correct given that we cannot just invert the add
to a sub or vice versa. As a fix, perform the final bitwise and-op
unconditionally into AX from the off_reg, then move the pointer from
the src to dst and finally use AX as the source for the original
pointer arithmetic operation such that the inversion yields a correct
result. The single non-AX mov in between is possible given constant
blinding is retaining it as it's not an immediate based operation.

*Credits: N/A
CVSS Scores (Common Vulnerability Scoring System)
  • Attack Vector: -
  • Attack Complexity: -
  • Privileges Required: -
  • User Interaction: -
  • Scope: -
  • Confidentiality: -
  • Integrity: -
  • Availability: -
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-27 CVE Reserved
  • 2024-02-27 CVE Published
  • 2024-02-28 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
Affected Vendors, Products, and Versions

Vendor  Product       Version                  Other  Status
Linux   Linux Kernel  >= 4.14.113 < 4.14.233   en     Affected
Linux   Linux Kernel  >= 4.19.19 < 4.19.190    en     Affected
Linux   Linux Kernel  >= 5.0 < 5.4.117         en     Affected
Linux   Linux Kernel  >= 5.0 < 5.10.35         en     Affected
Linux   Linux Kernel  >= 5.0 < 5.11.19         en     Affected
Linux   Linux Kernel  >= 5.0 < 5.12.2          en     Affected
Linux   Linux Kernel  >= 5.0 < 5.13            en     Affected
Linux   Linux Kernel  4.20.6                   en     Affected