CVE-2023-52621

Summary

In the Linux kernel, the following vulnerability has been resolved:

bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers

These three bpf_map_{lookup,update,delete}_elem() helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program, otherwise the following warning will be reported when a sleepable bpf program manipulates bpf map under interpreter mode (aka bpf_jit_enable=0):

WARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 …… CPU: 3 PID: 4985 Comm: test_progs Not tainted 6.6.0+ #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) …… RIP: 0010:bpf_map_lookup_elem+0x54/0x60 …… Call Trace: <TASK> ? __warn+0xa5/0x240 ? bpf_map_lookup_elem+0x54/0x60 ? report_bug+0x1ba/0x1f0 ? handle_bug+0x40/0x80 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1b/0x20 ? __pfx_bpf_map_lookup_elem+0x10/0x10 ? rcu_lockdep_current_cpu_online+0x65/0xb0 ? rcu_is_watching+0x23/0x50 ? bpf_map_lookup_elem+0x54/0x60 ? __pfx_bpf_map_lookup_elem+0x10/0x10 ___bpf_prog_run+0x513/0x3b70 __bpf_prog_run32+0x9d/0xd0 ? __bpf_prog_enter_sleepable_recur+0xad/0x120 ? __bpf_prog_enter_sleepable_recur+0x3e/0x120 bpf_trampoline_6442580665+0x4d/0x1000 __x64_sys_getpgid+0x5/0x30 ? do_syscall_64+0x36/0xb0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 </TASK>

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1e6c62a8821557720a9b2ea9617359b264f2f67c < 82f2df94dac1aa9b879e74d1f82ba1b631bdc612affected
LinuxLinux1e6c62a8821557720a9b2ea9617359b264f2f67c < 3516f93cc63d956e1b290ae4b7bf2586074535a0affected
LinuxLinux1e6c62a8821557720a9b2ea9617359b264f2f67c < d6d6fe4bb105595118f12abeed4a7bdd450853f3affected
LinuxLinux1e6c62a8821557720a9b2ea9617359b264f2f67c < 483cb92334cd7f1d5387dccc0ab5d595d27a669daffected
LinuxLinux1e6c62a8821557720a9b2ea9617359b264f2f67c < c7f1b6146f4a46d727c0d046284c28b6882c6304affected
LinuxLinux1e6c62a8821557720a9b2ea9617359b264f2f67c < 169410eba271afc9f0fb476d996795aa26770c6daffected
LinuxLinux5.10affected
LinuxLinux0 < 5.10unaffected
LinuxLinux5.10.237 <= 5.10.*unaffected
LinuxLinux5.15.181 <= 5.15.*unaffected
LinuxLinux6.1.77 <= 6.1.*unaffected
LinuxLinux6.6.16 <= 6.6.*unaffected
LinuxLinux6.7.4 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References