eBPF verifier 32-bit bounds OOB (CVE-2020-8835)

Same bug/CVE (CVE-2020-8835, unsound jmp32 bounds in __reg_bound_offset32): see the canonical note.

Mechanism

This is the same verifier flaw as in the canonical note: incorrect narrowing of the 32-bit jmp32 bounds yields a "fake zero" register that the verifier believes is 0 but that holds a different value at runtime. Full mechanism: eBPF improper program verification OOB (CVE-2020-8835).

Walkthrough

The full walkthrough is in the canonical note: eBPF improper program verification OOB.

References