Bug 1182330 (CVE-2021-20239)

Summary: VUL-0: CVE-2021-20239: kernel-source-rt,kernel-source-azure,kernel-source: kernel: Untrusted Pointer Dereference in setsockopt system call
Product: [Novell Products] SUSE Security Incidents Reporter: Alexandros Toptsoglou <atoptsoglou>
Component: IncidentsAssignee: Kernel Bugs <kernel-bugs>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/277983/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexandros Toptsoglou 2021-02-16 15:58:41 UTC 
CVE-2021-20239

A flaw was found in the Linux kernels implementation of BPF. A local user with CAP_NET_ADMIN can attach an ebpf filter to setsockopt() syscall.   This filter can be triggered under the right conditions to leak kernel internal information.  This could allow an attacker to determine the layout of information in kernel memory to be used in future attacks.

This flaw  is also known as ZDI-21-100.

References:

https://www.zerodayinitiative.com/advisories/ZDI-21-100/
https://gist.github.com/Ga-ryo/2ec958e78f55c5d18558960f3fe1c6ec

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1923636
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20239
Comment 1 Alexandros Toptsoglou 2021-02-16 15:59:19 UTC 
looks duplicate

*** This bug has been marked as a duplicate of bug 1182010 ***