tags: kernel, linux, ebpf, lpe
original link: Linux Kernel: Vulnerability in the eBPF verifier register limit tracking
newsletter link: exploits.club Weekly Newsletter 30
Exploits Club Summary:
@thatjiaozi published an interesting eBPF vulnerability on the Google Security Research GitHub repo earlier this week. The bug itself was identified via a modified version of buzzer, and allows "an attacker to trick the eBPF verifier into thinking a register has a value different from the one it takes when executing the program". Essentially, the verifier tries to track the minimum and maximum value a given register can hold, and this bug lets that tracked range diverge from the real runtime value, which leads to arbitrary read/write of kernel memory.
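As an added illustration of the bounds tracking the summary refers to (this is a toy model written for this page, not code from the linked report, from buzzer or from the kernel), the Python below mimics how the verifier refines a register's unsigned range (umin/umax) across a conditional jump and an add, uses that range to decide whether a memory access is safe, and shows why a range that no longer matches the runtime value admits an out-of-bounds access. All function and field names are invented for the illustration; real verifier state is far richer (signed bounds, tnums, 32-bit sub-ranges).

```python
"""Toy model of eBPF verifier unsigned scalar bounds (umin/umax) tracking."""
from dataclasses import dataclass

U64_MAX = (1 << 64) - 1


@dataclass
class ScalarBounds:
    """Verifier's belief about the range a register may hold at runtime."""
    umin: int = 0
    umax: int = U64_MAX

    def add_imm(self, imm: int) -> "ScalarBounds":
        # Adding a constant shifts both bounds; if the upper bound could wrap
        # around 64 bits, the range is no longer trustworthy and is reset to
        # fully unknown (the safe, conservative answer).
        lo, hi = self.umin + imm, self.umax + imm
        if hi > U64_MAX:
            return ScalarBounds()
        return ScalarBounds(lo, hi)

    def refine_jlt_imm(self, imm: int):
        # "if reg < imm goto L": the taken branch learns umax <= imm - 1,
        # the fall-through branch learns umin >= imm.
        taken = ScalarBounds(self.umin, min(self.umax, imm - 1))
        fallthrough = ScalarBounds(max(self.umin, imm), self.umax)
        return taken, fallthrough


def access_allowed(b: ScalarBounds, region_size: int, width: int) -> bool:
    """Verifier-side check: every value in the range keeps the access inside."""
    return b.umax + width <= region_size


def runtime_in_bounds(value: int, region_size: int, width: int) -> bool:
    """What actually happens when the program runs with a concrete value."""
    return value + width <= region_size


def simulate(region_size: int = 32, width: int = 4):
    """Constructed program: r1 unknown; if r1 < 16 { r1 += 4; load [r1] }."""
    r1 = ScalarBounds()                   # e.g. a value read from a packet
    in_range, _ = r1.refine_jlt_imm(16)   # only the taken branch continues
    r1 = in_range.add_imm(4)              # verifier now believes [4, 19]
    return r1, access_allowed(r1, region_size, width)


def verdicts(believed: ScalarBounds, actual: int, region_size=32, width=4):
    """Compare the verifier's decision with reality for one concrete value."""
    return (access_allowed(believed, region_size, width),
            runtime_in_bounds(actual, region_size, width))
```

When `verdicts` returns `(True, False)` the verifier has accepted a program whose real register value escapes the region: that gap between tracked range and runtime value is the bug class the summary describes.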