Alexei Starovoitov

6 exploits; active since Aug 2015
CVE-2020-8835 | NOMISEC | HIGH | WORKING POC
Linux kernel <5.6.1, <5.5.14, <5.4.29 - Memory Corruption
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (This issue is also tracked as ZDI-CAN-10780.)
CVSS 7.8
CVE-2015-4700 | WRITEUP
Linux Kernel < 4.0.5 - Denial of Service
The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.
CVE-2017-17853 | HIGH | WRITEUP
Linux Kernel < 4.14.9 - Memory Corruption
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.
CVSS 7.8
CVE-2017-17854 | HIGH | WRITEUP
Linux Kernel < 4.14.9 - Integer Overflow
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.
CVSS 7.8
CVE-2017-17857 | HIGH | WRITEUP
Linux Kernel < 4.14.9 - Memory Corruption
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.
CVSS 7.8
CVE-2017-17862 | MEDIUM | WRITEUP
Linux Kernel < 4.14.8 - Improper Input Validation
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though that code would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.
CVSS 5.5