eBPF verifier ALU32 bounds-tracking bypass (CVE-2021-3490)
Same bug/CVE: see the canonical note eBPF ALU32 bounds-tracking container escape.
Mechanism
This is the same CVE-2021-3490 verifier flaw, in which scalar32_min_max_and/or/xor returns early without updating the subreg bounds when the lower 32 bits are constant and the upper 32 bits are unknown.
For the full mechanism, see the canonical note:
eBPF ALU32 bounds-tracking container escape.
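A toy model of the early return described above, added here as an illustration and not taken from the kernel source or the canonical note; the struct, the function names and the operand values 1 and 2 are constructed, and only the AND case is modelled. It shows the tracked 32-bit range ending up with min > max when the early return leaves it stale and the upper 32 bits are unknown, so no 64-bit step fills it in.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of a register's low 32 bits; all names are this example's own. */
struct subreg {
    uint32_t value, mask;       /* tnum: bits set in mask are unknown */
    uint32_t u32_min, u32_max;  /* tracked unsigned 32-bit range */
};

static bool is_const(const struct subreg *r) { return r->mask == 0; }

/* 32-bit AND bounds step; fixed=false models the early return. */
static void and32(struct subreg *dst, const struct subreg *src, bool fixed)
{
    uint32_t v = dst->value & src->value;
    dst->mask = (dst->value | dst->mask) & (src->value | src->mask) & ~v;
    dst->value = v;
    if (is_const(dst) && is_const(src)) {
        if (fixed)              /* corrected: pin the range to the constant */
            dst->u32_min = dst->u32_max = v;
        return;                 /* flawed: range left for the 64-bit step */
    }
    dst->u32_min = v;
    if (src->u32_max < dst->u32_max)
        dst->u32_max = src->u32_max;
}

/* Runs AND on constructed values 1 & 2, then checks min <= max. */
static bool range_consistent(bool fixed, bool upper_known)
{
    struct subreg dst = { 1, 0, 1, 1 }, src = { 2, 0, 2, 2 };

    and32(&dst, &src, fixed);
    /* 64-bit step: pins the range only if all 64 bits are constant. */
    if (upper_known && is_const(&dst) && is_const(&src))
        dst.u32_min = dst.u32_max = dst.value;
    /* Later refinement: intersect the range with what the tnum allows. */
    if (dst.value > dst.u32_min) dst.u32_min = dst.value;
    if ((dst.value | dst.mask) < dst.u32_max) dst.u32_max = dst.value | dst.mask;
    return dst.u32_min <= dst.u32_max;
}

int main(void)
{
    printf("early return, upper unknown: %d\n", range_consistent(false, false));
    printf("early return, upper known:   %d\n", range_consistent(false, true));
    printf("range pinned, upper unknown: %d\n", range_consistent(true, false));
    return 0;
}
```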
Walkthrough
The full walkthrough is in the canonical note: eBPF ALU32 bounds-tracking container escape.