Home

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix issue in verifying allow_ptr_leaks After we converted the capabilities of our networking-bpf program from cap_sys_admin to cap_net_admin+cap_bpf, our networking-bpf program failed to start. Because it failed the bpf verifier, and the error log is "R3 pointer comparison prohibited". A simple reproducer as follows, SEC("cls-ingress") int ingress(struct __sk_buff *skb) { struct iphdr *iph = (void *)(long)skb->data + sizeof(struct ethhdr); if ((long)(iph + 1) > (long)skb->data_end) return TC_ACT_STOLEN; return TC_ACT_OK; } Per discussion with Yonghong and Alexei [1], comparison of two packet pointers is not a pointer leak. This patch fixes it. Our local kernel is 6.1.y and we expect this fix to be backported to 6.1.y, so stable is CCed. [1]. https://lore.kernel.org/bpf/CAADnVQ+Nmspr7Si+pxWn8zkE7hX-7s93ugwC+94aXSy4uQ9vBg@mail.gmail.com/

PUBLISHED Reserved 2025-12-30 | Published 2025-12-30 | Updated 2026-01-05 | Assigner Linux

Product status

Default status
unaffected

2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366 (git) before c96c67991aac6401b4c6996093bccb704bb2ea4b
affected

2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366 (git) before 5927f0172d2809d8fc09c1ba667280b0387e9f73
affected

2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366 (git) before acfdc8b77016c8e648aadc283177546c88083dd3
affected

2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366 (git) before d75e30dddf73449bc2d10bb8e2f1a2c446bc67a2
affected

Default status
affected

5.8
affected

Any version before 5.8
unaffected

6.1.53 (semver)
unaffected

6.4.16 (semver)
unaffected

6.5.3 (semver)
unaffected

6.6 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/c96c67991aac6401b4c6996093bccb704bb2ea4b

git.kernel.org/...c/5927f0172d2809d8fc09c1ba667280b0387e9f73

git.kernel.org/...c/acfdc8b77016c8e648aadc283177546c88083dd3

git.kernel.org/...c/d75e30dddf73449bc2d10bb8e2f1a2c446bc67a2

cve.org (CVE-2023-54181)

nvd.nist.gov (CVE-2023-54181)

Download JSON