eBPF verifier ALU32 bounds-tracking bypass (CVE-2021-3490)

Same bug/CVE: see the canonical note eBPF ALU32 bounds-tracking container escape.

Mechanism

This is the same CVE-2021-3490 verifier flaw in which scalar32_min_max_and/or/xor returns early without updating the subreg bounds when the lower 32 bits are constant and the upper 32 bits are unknown. For the full mechanism, see the canonical note: eBPF ALU32 bounds-tracking container escape.

Walkthrough

The full walkthrough is in the canonical note: eBPF ALU32 bounds-tracking container escape.

References