| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <phyhoab337c2vgpfgtrjru2so6luvmymfrugdazacz3sk4to7n@nutpfnn4ivdx> Date: Thu, 24 Oct 2024 12:04:45 +0800 From: Shung-Hsi Yu <shung-hsi.yu@...e.com> To: cve@...nel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, linux-kernel@...r.kernel.org Subject: Re: CVE-2024-50063: bpf: Prevent tail call between progs attached to different hooks On Mon, Oct 21, 2024 at 09:40:04PM GMT, Greg Kroah-Hartman wrote: > Description > =========== > > In the Linux kernel, the following vulnerability has been resolved: > > bpf: Prevent tail call between progs attached to different hooks > > bpf progs can be attached to kernel functions, and the attached functions > can take different parameters or return different return values. If > prog attached to one kernel function tail calls prog attached to another > kernel function, the ctx access or return value verification could be > bypassed. ... > This patch adds restriction for tail call to prevent such bypasses. > > The Linux kernel CVE team has assigned CVE-2024-50063 to this issue. > > > Affected and fixed versions > =========================== I do not know that exact commit that introduced the issue, but given that the fix addresses the following BPF program types: - BPF_PROG_TYPE_TRACING (v5.5) - BPF_PROG_TYPE_EXT (v5.6) - BPF_PROG_TYPE_STRUCT_OPS (v5.6) - BPF_PROG_TYPE_LSM (v5.7) The earliest affected version possible should be v5.5. > Fixed in 6.6.57 with commit 5d5e3b4cbe8e > Fixed in 6.11.4 with commit 88c2a10e6c17 > Fixed in 6.12-rc1 with commit 28ead3eaabc1 ...
Powered by blists - more mailing lists