| The vulnerability resides in the Linux kernel's BPF (Berkeley Packet Filter) verifier, in `kernel/bpf/verifier.c`. The verifier keeps two distinct privilege flags for the program loader: `allow_ptr_leaks` (the loader may learn kernel pointer values) and `bypass_spec_v1` (the loader may skip the Spectre v1 sanitization the verifier otherwise applies to pointer arithmetic). The issue is that the check for pointer arithmetic with an unknown scalar whose signed bounds straddle zero ("mixed signed bounds") was gated on the wrong flag. Such an offset is forbidden as part of the Spectre v1 mitigation, because the masking the verifier applies to pointer arithmetic assumes a single known direction for the offset and cannot sanitize one that may be either negative or non-negative. The check must therefore be controlled by `bypass_spec_v1`, not `allow_ptr_leaks`. |
| |
| The vulnerability was introduced in Linux kernel version 5.8 with commit `2c78ee898d8f` ("bpf: Implement CAP_BPF", which split the verifier's privilege checks into separate flags) and has been fixed in 5.10.32 with commit `4f3ff11204ea`, in 5.11.16 with commit `4ccdc6c6cae3`, and in 5.12 with commit `960114839252`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, because individual backported changes are not tested or supported in isolation. |
| |
| The mitigation is the one-line correction in the verifier's pointer-arithmetic handling (`adjust_ptr_min_max_vals()`): the mixed-signed-bounds check on scalars added to map value pointers is gated on `bypass_spec_v1` instead of `allow_ptr_leaks`. There is no configuration or runtime workaround; apply the referenced commits or move to a kernel that contains them, and confirm with `uname -r` that the running kernel is at or above 5.10.32, 5.11.16 or 5.12 on the respective branch. |
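| To make the flag confusion concrete, the following is an added userland model of the check, written for this page; it is not the kernel's code. The struct and field names, the wrapper functions and the exact shape of the mixed-signed-bounds condition (`smin < 0` differs from `smax < 0` for an unknown scalar) are assumptions made for the illustration. It places the pre-fix gate beside the fixed one and probes both with a loader that has `allow_ptr_leaks` but not `bypass_spec_v1`, which is precisely the split the fix cares about. |

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added illustration: a userland model of the verifier permission check
 * this CVE concerns. NOT kernel code. Struct/field names and the exact
 * form of the mixed-signed-bounds test are assumptions for this example.
 */

/* Loader privileges that matter for this check. */
struct env_model {
	bool allow_ptr_leaks;   /* loader may learn kernel pointer values */
	bool bypass_spec_v1;    /* loader may skip Spectre v1 sanitization */
};

/* The scalar offset register being added to a map value pointer. */
struct reg_model {
	bool    known;        /* offset is a compile-time constant */
	int64_t smin_value;   /* signed lower bound tracked by the verifier */
	int64_t smax_value;   /* signed upper bound tracked by the verifier */
};

/*
 * True when the offset is unknown and may be negative on one path but
 * non-negative on another. Spectre v1 masking of pointer arithmetic
 * needs one known direction, so such an offset cannot be sanitized.
 */
static bool mixed_signed_bounds(const struct reg_model *off)
{
	return !off->known && ((off->smin_value < 0) != (off->smax_value < 0));
}

/* Before the fix: the refusal was gated on allow_ptr_leaks. */
int map_value_add_before_fix(const struct env_model *env,
			     const struct reg_model *off)
{
	if (!env->allow_ptr_leaks && mixed_signed_bounds(off))
		return -EACCES;
	return 0;
}

/* After the fix: gated on bypass_spec_v1, the flag that actually means
 * "this loader may skip Spectre v1 sanitization". */
int map_value_add_after_fix(const struct env_model *env,
			    const struct reg_model *off)
{
	if (!env->bypass_spec_v1 && mixed_signed_bounds(off))
		return -EACCES;
	return 0;
}

/* Convenience probes: build the models from plain scalars. */
int probe_before_fix(bool allow_ptr_leaks, bool bypass_spec_v1,
		     int64_t smin, int64_t smax)
{
	struct env_model env = { allow_ptr_leaks, bypass_spec_v1 };
	struct reg_model off = { false, smin, smax };
	return map_value_add_before_fix(&env, &off);
}

int probe_after_fix(bool allow_ptr_leaks, bool bypass_spec_v1,
		    int64_t smin, int64_t smax)
{
	struct env_model env = { allow_ptr_leaks, bypass_spec_v1 };
	struct reg_model off = { false, smin, smax };
	return map_value_add_after_fix(&env, &off);
}

int main(void)
{
	/* Constructed scenario: loader may leak pointers but must NOT bypass
	 * Spectre v1 mitigation; offset is unknown with bounds across zero. */
	printf("before fix: %d\n", probe_before_fix(true, false, -16, 16));
	printf("after  fix: %d\n", probe_after_fix(true, false, -16, 16));
	return 0;
}
```

| The pre-fix gate accepts the mixed-sign offset for that loader because it only consults `allow_ptr_leaks`; the fixed gate returns `-EACCES` because `bypass_spec_v1` is false. Both versions agree for the other combinations: an unknown offset with a single sign direction is accepted, and a loader that may bypass Spectre v1 is allowed the mixed-sign offset. |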
| |