CVE ID : CVE-2024-58100
Published : May 5, 2025, 3:15 p.m. | 18 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
bpf: check changes_pkt_data property for extension programs
When processing calls to global sub-programs, verifier decides whether
to invalidate all packet pointers in current state depending on the
changes_pkt_data property of the global sub-program.
Because of this, an extension program replacing a global sub-program
must be compatible with changes_pkt_data property of the sub-program
being replaced.
This commit:
– adds changes_pkt_data flag to struct bpf_prog_aux:
– this flag is set in check_cfg() for main sub-program;
– in jit_subprogs() for other sub-programs;
– modifies bpf_check_attach_btf_id() to check changes_pkt_data flag;
– moves call to check_attach_btf_id() after the call to check_cfg(),
because it needs changes_pkt_data flag to be set:
bpf_check:
… …
– check_attach_btf_id resolve_pseudo_ldimm64
resolve_pseudo_ldimm64 –> bpf_prog_is_offloaded
bpf_prog_is_offloaded check_cfg
check_cfg + check_attach_btf_id
… …
The following fields are set by check_attach_btf_id():
– env->ops
– prog->aux->attach_btf_trace
– prog->aux->attach_func_name
– prog->aux->attach_func_proto
– prog->aux->dst_trampoline
– prog->aux->mod
– prog->aux->saved_dst_attach_type
– prog->aux->saved_dst_prog_type
– prog->expected_attach_type
Neither of these fields are used by resolve_pseudo_ldimm64() or
bpf_prog_offload_verifier_prep() (for netronome and netdevsim
drivers), so the reordering is safe.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
