First published: Fri Jun 19 2015(Updated: )
A flaw was found in the kernels implementation of the Berkly Packet Filter. Specially crafted BPF code may be able to crash the system by creating a situation in which the JIT compiler will fail to correctly optimise the JIT image on the last pass. This would to the CPU executing instructions that were not part of the JIT code. Workaround: This issue does not affect most systems by default. An administrator would need to have enabled the BPF JIT to be affected. It can be disabled immediately with the command: # echo 0 > /proc/sys/net/core/bpf_jit_enable Or it can be disabled for all subsequent boots of the system by setting a value in /etc/sysctl.d/44-bpf-jit-disable ## start file ## net.core.bpf_jit_enable=0 ## end file ## Resources: <a href="http://seclists.org/oss-sec/2015/q2/784">http://seclists.org/oss-sec/2015/q2/784</a> <a href="https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/id=3f7352bf21f8fd7ba3e2fcef9488756f188e12be">https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/id=3f7352bf21f8fd7ba3e2fcef9488756f188e12be</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <=4.0.5 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.6-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.