CVE-2024-58100
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-58100
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-58100.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-58100
- Downstream
- Related
- Published
- 2025-05-05T15:15:53Z
- Modified
- 2025-08-09T20:01:25Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: check changespktdata property for extension programs
When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changespktdata property of the global sub-program.
Because of this, an extension program replacing a global sub-program must be compatible with changespktdata property of the sub-program being replaced.
This commit: - adds changespktdata flag to struct bpfprogaux: - this flag is set in checkcfg() for main sub-program; - in jitsubprogs() for other sub-programs; - modifies bpfcheckattachbtfid() to check changespktdata flag; - moves call to checkattachbtfid() after the call to checkcfg(), because it needs changespktdata flag to be set:
bpf_check: ... ... - check_attach_btf_id resolve_pseudo_ldimm64 resolve_pseudo_ldimm64 --> bpf_prog_is_offloaded bpf_prog_is_offloaded check_cfg check_cfg + check_attach_btf_id ... ...The following fields are set by checkattachbtfid(): - env->ops - prog->aux->attachbtftrace - prog->aux->attachfuncname - prog->aux->attachfuncproto - prog->aux->dsttrampoline - prog->aux->mod - prog->aux->saveddstattachtype - prog->aux->saveddstprogtype - prog->expectedattachtype
Neither of these fields are used by resolvepseudoldimm64() or bpfprogoffloadverifierprep() (for netronome and netdevsim drivers), so the reordering is safe.
- References