In the Linux kernel, the following vulnerability has been resolved:

bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos

In case of malformed relocation record of kind BPF_CORE_TYPE_ID_LOCAL referencing a non-existing BTF type, function bpf_core_calc_relo_insn would cause a null pointer dereference.

Fix this by adding a proper check upper in call stack, as malformed relocation records could be passed from user space.

Simplest reproducer is a program:

    r0 = 0
    exit

With a single relocation record:

    .insn_off = 0,          /* patch first instruction */
    .type_id = 100500,      /* this type id does not exist */
    .access_str_off = 6,    /* offset of string "0" */
    .kind = BPF_CORE_TYPE_ID_LOCAL,

See the link for original reproducer or next commit for a test case.
Reserved 2024-10-21 | Published 2024-10-21 | Updated 2024-12-19 | Assigner Linux

git.kernel.org/...c/dc7ce14f00bcd50641f2110b7a32aa6552e0780f
git.kernel.org/...c/2288b54b96dcb55bedebcef3572bb8821fc5e708
git.kernel.org/...c/584cd3ff792e1edbea20b2a7df55897159b0be3e
git.kernel.org/...c/e7e9c5b2dda29067332df2a85b0141a92b41f218
git.kernel.org/...c/3d2786d65aaa954ebd3fcc033ada433e10da21c4
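
The description above says the fix is a check higher in the call stack, so that a relocation record naming a non-existing type never reaches the code that dereferences it. A simplified user-space model of that pattern follows, as an added example that is not kernel code and not part of the original record; every toy_* name and the three-entry type table are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for BTF objects (simplified model, not kernel types). */
enum toy_relo_kind { TOY_TYPE_ID_LOCAL };
struct toy_type { const char *name; uint32_t size; };
struct toy_btf  { const struct toy_type *types; uint32_t nr_types; };

/* Field names follow the relocation record shown in the description. */
struct toy_relo { uint32_t insn_off, type_id, access_str_off; enum toy_relo_kind kind; };

/* Lookup that reports an unknown id as NULL instead of indexing blindly. */
static const struct toy_type *toy_type_by_id(const struct toy_btf *btf, uint32_t id)
{
    return id < btf->nr_types ? &btf->types[id] : NULL;
}

/* Consumer that assumes a valid type; it would fault if handed NULL. */
static uint32_t toy_calc_relo(const struct toy_type *t) { return t->size; }

/* Caller-side check: reject the record before the consumer ever runs. */
static int toy_apply_relo(const struct toy_btf *btf, const struct toy_relo *r, uint32_t *out)
{
    const struct toy_type *t = toy_type_by_id(btf, r->type_id);
    if (!t)
        return -EINVAL;          /* untrusted record names no type */
    *out = toy_calc_relo(t);
    return 0;
}

/* Constructed sample data: a three-entry type table. */
static const struct toy_type sample_types[] = { {"void", 0}, {"int", 4}, {"long", 8} };
static const struct toy_btf sample_btf = { sample_types, 3 };

/* Build a record like the one in the description; return size or -errno. */
static long toy_try(uint32_t type_id)
{
    struct toy_relo r = { .insn_off = 0, .type_id = type_id,
                          .access_str_off = 6, .kind = TOY_TYPE_ID_LOCAL };
    uint32_t v = 0;
    int rc = toy_apply_relo(&sample_btf, &r, &v);
    return rc ? (long)rc : (long)v;
}

int main(void)
{
    printf("type_id 100500 -> %ld\n", toy_try(100500));
    printf("type_id 2      -> %ld\n", toy_try(2));
    return 0;
}
```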