AZL-69932

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-69932.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-69932

Upstream

CVE-2024-58237

Published

2025-05-05T15:15:54Z

Modified

2026-04-01T05:21:39.266540Z

Summary

CVE-2024-58237 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: consider that tail calls invalidate packet pointers

Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each tail call invalidates packet pointers.

Making the change in bpfhelperchangespktdata() automatically makes use of checkcfg() logic that computes 'changespkt_data' effect for global sub-programs, such that the following program could be rejected:

int tail_call(struct __sk_buff *sk)
{
    bpf_tail_call_static(sk, &jmp_table, 0);
    return 0;
}

SEC("tc")
int not_safe(struct __sk_buff *sk)
{
    int *p = (void *)(long)sk->data;
    ... make p valid ...
    tail_call(sk);
    *p = 42; /* this is unsafe */
    ...
}

The tcbpf2bpf.c:subprogtc() needs change: mark it as a function that can invalidate packet pointers. Otherwise, it can't be freplaced with tailcallfreplace.c:entryfreplace() that does a tail call.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-58237

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-69932.json"