| Description: | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel mishandled pointer data values in some situations. A local attacker could use this to to expose sensitive information (kernel memory).
|