Zac Ecob

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A problem in the Linux kernel has been identified where a bpf program may cause a kernel crash due to a signed divide error. The issue arises when the divisor is -1, which can lead to an overflow. On x86 64 platforms, this can cause a kernel exception, while on arm64 platforms, the result is handled differently. The error occurs due to the division of `LLONG MIN` by -1, which should result in a positive number but exceeds the maximum positive value for 64-bit systems. Further investigation found that similar cases involving `INT MIN` and modulus operations can also trigger exceptions on x86 64. Pseudo codes have been provided to handle these exceptions and align the results with those on arm64 platforms. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the `may goto` function in the Linux kernel's BPF (Berkeley Packet Filter) component. Two bugs were exposed by Zac's syzbot: the first bug is related to how `may goto` is patched when the offset is negative, and the second bug is in the verifier, which incorrectly prunes the exploration of the program when an actual infinite loop is detected. This can potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.