Linux Kernel's BPF Fixed Up Against Spectre Vulnerability Bypass

Written by Michael Larabel in Linux Security on 24 June 2021 at 09:00 AM EDT. 1 Comment
LINUX SECURITY
With the latest mainline Git kernel as well as the newest stable point releases as of Wednesday, a Spectre issue with the kernel's BPF subsystem has been addressed.

Up until this week, the kernel's BPF subsystem protections around speculative execution could be bypassed. An unprivileged BPF program could leak the contents of arbitrary kernel memory via a side-channel attack.

The vulnerability was summed up in this oss-security message this week, "The issue is that when the kernel's BPF verifier enumerates the possible execution paths of a BPF program, it skips any branch outcomes that are impossible according to the ISA semantics. However, when the BPF program executes, such branch outcomes may be mispredicted and so a path could speculatively execute that was missed by the verifier."

There are various proof of concepts for this BPF vulnerability. This BPF vulnerability was tracked as CVE-2021-33624.

Besides Linux 5.13 Git having the BPF vulnerability addressed, Linux 5.12.13, 5.10.46, and 5.4.128 are out so far with the patches back-ported.

This isn't the first time BPF vulnerabilities have crept up in recent history around Spectre. It was just earlier this year that two vulnerabilities were discovered and noted by Symantec for revealing memory contents via BPF.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week