CVE-2024-58100

ADVISORY - nist

Summary

In the Linux kernel, the following vulnerability has been resolved:

bpf: check changes_pkt_data property for extension programs

When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changes_pkt_data property of the global sub-program.

Because of this, an extension program replacing a global sub-program must be compatible with changes_pkt_data property of the sub-program being replaced.

This commit:

  • adds changes_pkt_data flag to struct bpf_prog_aux:

    • this flag is set in check_cfg() for main sub-program;
    • in jit_subprogs() for other sub-programs;
  • modifies bpf_check_attach_btf_id() to check changes_pkt_data flag;

  • moves call to check_attach_btf_id() after the call to check_cfg(), because it needs changes_pkt_data flag to be set:

    bpf_check: ... ...

    • check_attach_btf_id resolve_pseudo_ldimm64 resolve_pseudo_ldimm64 --> bpf_prog_is_offloaded bpf_prog_is_offloaded check_cfg check_cfg + check_attach_btf_id ... ...

The following fields are set by check_attach_btf_id():

  • env->ops
  • prog->aux->attach_btf_trace
  • prog->aux->attach_func_name
  • prog->aux->attach_func_proto
  • prog->aux->dst_trampoline
  • prog->aux->mod
  • prog->aux->saved_dst_attach_type
  • prog->aux->saved_dst_prog_type
  • prog->expected_attach_type

Neither of these fields are used by resolve_pseudo_ldimm64() or bpf_prog_offload_verifier_prep() (for netronome and netdevsim drivers), so the reordering is safe.

EPSS Score: 0.00152 (0.048)

Common Weakness Enumeration (CWE)

ADVISORY - nist
ADVISORY - redhat

Improper Input Validation


NIST

CREATED

UPDATED

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.5medium

Debian

CREATED

UPDATED

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5medium

Amazon

CREATED

UPDATED

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

UPDATED

EXPLOITABILITY SCORE

0.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6medium

Oracle

CREATED

UPDATED

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

UPDATED

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

minimos

CREATED

UPDATED

ADVISORY ID

MINI-chr8-mm4p-f39h

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY