On Thu, Feb 17, 2022 at 11:05 AM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Wed, Feb 16, 2022 at 02:52:00PM -0800, Hao Luo wrote:
> > Hi Greg,
> >
> > Please consider cherry-picking this patch series into 5.16.x stable. It
> > includes a fix to a bug in 5.16 stable which allows a user with cap_bpf
> > privileges to get root privileges. The patch that fixes the bug is
> >
> > patch 7/9: bpf: Make per_cpu_ptr return rdonly
> >
> > The rest are the dependences required by the fix patch. This patchset has
> > been merged in mainline v5.17. The patches were not planned to backport
> > because of its complex dependences.
>
> How about 5.10 or 5.15? Any chance to backport them there too?
>

If I understand correctly, the attack requires commit:

541c3bad8dc5 bpf: Support BPF ksym variables in kernel modules

which is included in 5.12. The attacker needs to load a self-defined btf.
I'm taking a look at backporting to 5.15.