Bugzilla – Bug 994757
VUL-1: CVE-2014-2889: kernel-source: arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target
Last modified: 2016-08-20 11:38:17 UTC
via cve db https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2889 Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump. MLIST:[oss-security] 20140418 Re: CVE request Linux kernel: arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target URL:http://www.openwall.com/lists/oss-security/2014/04/18/6 CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a03ffcf873fe0f2565386ca8ef832144c42e67fa CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8 CONFIRM:https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa
The patch is in patches.kernel.org/patch-3.0.15-16 for our 3.0. kernels. sles11 sp2 ltss has received this as an update. sles11 sp3 and sp4 have it since shipment. 2.6.32 has no bpf jit compiler. rest is fixed.