CVE-2015-4700

Impact:
Important
Public Date:
2015-06-23
CWE:
CWE-665
Bugzilla:
1233615: CVE-2015-4700 kernel: Crafted BPF filters may crash kernel during JIT optimisation
A flaw was found in the kernel's implementation of the Berkeley Packet Filter (BPF). A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly optimize the JIT image on the last pass. This would lead to the CPU executing instructions that were not part of the JIT code.

Find out more about CVE-2015-4700 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6 as it does not contain the affected code. This does not affect the Red Hat Enterprise MRG 2 as it does not enable the affected code at compile time.

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7.

CVSS v2 metrics

Base Score 7.2
Base Metrics AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (kernel) RHSA-2015:1778 2015-09-15
Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) RHSA-2015:1788 2015-09-15

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Not affected
Red Hat Enterprise Linux 6 kernel Not affected
Red Hat Enterprise Linux 5 kernel Not affected
Red Hat Enterprise Linux 4 kernel Not affected
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.

Acknowledgements

Red Hat would like to thank Daniel Borkmann for reporting this issue.

Mitigation

This issue does not affect most systems by default. An administrator would need to have enabled the BPF JIT to be affected.

It can be disabled immediately with the command:

# echo 0 > /proc/sys/net/core/bpf_jit_enable

Or it can be disabled for all subsequent boots of the system by setting a value in /etc/sysctl.d/44-bpf-jit-disable

## start file ##

net.core.bpf_jit_enable=0

## end file ##

Last Modified