More information about this CVE will likely be available in a few days
Description
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added kfunc support, it defined reg2btf_ids as a cheap way to translate the verifier reg type to the appropriate btf_vmlinux BTF ID, however commit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL") moved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after the base register types, and defined other variants using type flag composition. However, now, the direct usage of reg->type to index into reg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to out of bounds access and kernel crash on dereference of bad pointer.
Related CPE's
Could not find any relations
References
Weaknesses
Could not find any weaknesses
CVSS impact metrics
Could not find any metrics
Information
Source identifier
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Vulnerability status
Awaiting analysis
Published
2024-08-22T04:15:15.773
4 weeks agoLast modified
2024-08-22T12:48:02.790
4 weeks ago