Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each tail call invalidates packet pointers. Making the change in bpf_helper_changes_pkt_data() automatically makes use of check_cfg() logic that computes 'changes_pkt_data' effect for global sub-programs, such that the following program could be rejected: int tail_call(struct __sk_buff *sk) { bpf_tail_call_static(sk, &jmp_table, 0); return 0; } SEC("tc") int not_safe(struct __sk_buff *sk) { int *p = (void *)(long)sk->data; ... make p valid ... tail_call(sk); *p = 42; /* this is unsafe */ ... } The tc_bpf2bpf.c:subprog_tc() needs change: mark it as a function that can invalidate packet pointers. Otherwise, it can't be freplaced with tailcall_freplace.c:entry_freplace() that does a tail call.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.6, < 6.6.90 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/1a4607ffba35bf2a630aab299e34dd3f6e658d70Patch
- https://git.kernel.org/stable/c/1c2244437f9ad3dd91215f920401a14f2542dbfcPatch
- https://git.kernel.org/stable/c/f1692ee23dcaaddc24ba407b269707ee5df1301fPatch
FAQ
What is CVE-2024-58237?
CVE-2024-58237 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate pac...
How severe is CVE-2024-58237?
CVE-2024-58237 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-58237?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.