CVE-2024-47794

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47794
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47794.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-47794
Downstream
Related
Published
2025-01-11T13:15:22Z
Modified
2025-08-09T20:01:26Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Prevent tailcall infinite loop caused by freplace

There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace.

In an upcoming selftest, the attach target for entryfreplace of tailcallfreplace.c is subprogtc of tcbpf2bpf.c, while the tail call in entryfreplace leads to entrytc. This results in an infinite loop:

entrytc -> subprogtc -> entryfreplace --tailcall-> entrytc.

The problem arises because the tailcallcnt in entryfreplace resets to zero each time entryfreplace is executed, causing the tail call mechanism to never terminate, eventually leading to a kernel panic.

To fix this issue, the solution is twofold:

  1. Prevent updating a program extended by an freplace program to a prog_array map.
  2. Prevent extending a program that is already part of a prog_array map with an freplace program.

This ensures that:

  • If a program or its subprogram has been extended by an freplace program, it can no longer be updated to a prog_array map.
  • If a program has been added to a prog_array map, neither it nor its subprograms can be extended by an freplace program.

Moreover, an extension program should not be tailcalled. As such, return -EINVAL if the program has a type of BPFPROGTYPEEXT when adding it to a progarray map.

Additionally, fix a minor code style issue by replacing eight spaces with a tab for proper formatting.

References

Affected packages