In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit register with a int offset. The register was checked to be below 1<<29 when it was variable, but not when it was fixed. The offset either comes from an instruction (in which case it is 16 bit), from another register (in which case the caller checked it to be below 1<<29 [1]), or from the size of an argument to a kfunc (in which case it can be a u32 [2]). Between the register being inconsistently checked to be below 1<<29, and the offset being up to an u32, it appears that we were open to overflowing the int
s which were currently used for arithmetic. [1] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L7494-L7498 [2] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L11904
{ "binaries": [ { "binary_name": "linux-azure-6.5-cloud-tools-6.5.0-1022", "binary_version": "6.5.0-1022.23~22.04.1" }, { "binary_name": "linux-azure-6.5-headers-6.5.0-1022", "binary_version": "6.5.0-1022.23~22.04.1" }, { "binary_name": "linux-azure-6.5-tools-6.5.0-1022", "binary_version": "6.5.0-1022.23~22.04.1" }, { "binary_name": "linux-buildinfo-6.5.0-1022-azure", "binary_version": "6.5.0-1022.23~22.04.1" }, { "binary_name": "linux-cloud-tools-6.5.0-1022-azure", "binary_version": "6.5.0-1022.23~22.04.1" }, { "binary_name": "linux-headers-6.5.0-1022-azure", "binary_version": "6.5.0-1022.23~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-1022-azure", "binary_version": "6.5.0-1022.23~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-1022-azure-dbgsym", "binary_version": "6.5.0-1022.23~22.04.1" }, { "binary_name": "linux-modules-6.5.0-1022-azure", "binary_version": "6.5.0-1022.23~22.04.1" }, { "binary_name": "linux-modules-extra-6.5.0-1022-azure", "binary_version": "6.5.0-1022.23~22.04.1" }, { "binary_name": "linux-tools-6.5.0-1022-azure", "binary_version": "6.5.0-1022.23~22.04.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.5.0-1022-gcp", "binary_version": "6.5.0-1022.24~22.04.1" }, { "binary_name": "linux-gcp-6.5-headers-6.5.0-1022", "binary_version": "6.5.0-1022.24~22.04.1" }, { "binary_name": "linux-gcp-6.5-tools-6.5.0-1022", "binary_version": "6.5.0-1022.24~22.04.1" }, { "binary_name": "linux-headers-6.5.0-1022-gcp", "binary_version": "6.5.0-1022.24~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-1022-gcp", "binary_version": "6.5.0-1022.24~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-1022-gcp-dbgsym", "binary_version": "6.5.0-1022.24~22.04.1" }, { "binary_name": "linux-modules-6.5.0-1022-gcp", "binary_version": "6.5.0-1022.24~22.04.1" }, { "binary_name": "linux-modules-extra-6.5.0-1022-gcp", "binary_version": "6.5.0-1022.24~22.04.1" }, { "binary_name": "linux-modules-iwlwifi-6.5.0-1022-gcp", "binary_version": "6.5.0-1022.24~22.04.1" }, { "binary_name": "linux-tools-6.5.0-1022-gcp", "binary_version": "6.5.0-1022.24~22.04.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.5.0-41-generic", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-buildinfo-6.5.0-41-generic-64k", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-cloud-tools-6.5.0-41-generic", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-headers-6.5.0-41-generic", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-headers-6.5.0-41-generic-64k", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-hwe-6.5-cloud-tools-6.5.0-41", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-hwe-6.5-cloud-tools-common", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-hwe-6.5-headers-6.5.0-41", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-hwe-6.5-tools-6.5.0-41", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-hwe-6.5-tools-common", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-hwe-6.5-tools-host", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-image-6.5.0-41-generic", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-image-6.5.0-41-generic-dbgsym", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-image-unsigned-6.5.0-41-generic", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-image-unsigned-6.5.0-41-generic-64k", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-image-unsigned-6.5.0-41-generic-64k-dbgsym", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-image-unsigned-6.5.0-41-generic-dbgsym", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-modules-6.5.0-41-generic", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-modules-6.5.0-41-generic-64k", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-modules-extra-6.5.0-41-generic", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-modules-ipu6-6.5.0-41-generic", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-modules-ivsc-6.5.0-41-generic", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-modules-iwlwifi-6.5.0-41-generic", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-source-6.5.0", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-tools-6.5.0-41-generic", "binary_version": "6.5.0-41.41~22.04.2" }, { "binary_name": "linux-tools-6.5.0-41-generic-64k", "binary_version": "6.5.0-41.41~22.04.2" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.5.0-41-lowlatency", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-buildinfo-6.5.0-41-lowlatency-64k", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-cloud-tools-6.5.0-41-lowlatency", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-headers-6.5.0-41-lowlatency", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-headers-6.5.0-41-lowlatency-64k", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-41-lowlatency", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-41-lowlatency-64k", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-41-lowlatency-64k-dbgsym", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-41-lowlatency-dbgsym", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-lowlatency-hwe-6.5-cloud-tools-6.5.0-41", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-lowlatency-hwe-6.5-cloud-tools-common", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-lowlatency-hwe-6.5-headers-6.5.0-41", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-lowlatency-hwe-6.5-lib-rust-6.5.0-41-lowlatency", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-lowlatency-hwe-6.5-tools-6.5.0-41", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-lowlatency-hwe-6.5-tools-common", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-lowlatency-hwe-6.5-tools-host", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-modules-6.5.0-41-lowlatency", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-modules-6.5.0-41-lowlatency-64k", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-modules-iwlwifi-6.5.0-41-lowlatency", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-tools-6.5.0-41-lowlatency", "binary_version": "6.5.0-41.41.1~22.04.1" }, { "binary_name": "linux-tools-6.5.0-41-lowlatency-64k", "binary_version": "6.5.0-41.41.1~22.04.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.5.0-1021-nvidia", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-buildinfo-6.5.0-1021-nvidia-64k", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-headers-6.5.0-1021-nvidia", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-headers-6.5.0-1021-nvidia-64k", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-image-unsigned-6.5.0-1021-nvidia", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-image-unsigned-6.5.0-1021-nvidia-64k", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-image-unsigned-6.5.0-1021-nvidia-64k-dbgsym", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-image-unsigned-6.5.0-1021-nvidia-dbgsym", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-modules-6.5.0-1021-nvidia", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-modules-6.5.0-1021-nvidia-64k", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-modules-extra-6.5.0-1021-nvidia", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-modules-nvidia-fs-6.5.0-1021-nvidia", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-modules-nvidia-fs-6.5.0-1021-nvidia-64k", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-nvidia-6.5-headers-6.5.0-1021", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-nvidia-6.5-tools-6.5.0-1021", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-nvidia-6.5-tools-host", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-tools-6.5.0-1021-nvidia", "binary_version": "6.5.0-1021.22" }, { "binary_name": "linux-tools-6.5.0-1021-nvidia-64k", "binary_version": "6.5.0-1021.22" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.5.0-1024-oem", "binary_version": "6.5.0-1024.25" }, { "binary_name": "linux-headers-6.5.0-1024-oem", "binary_version": "6.5.0-1024.25" }, { "binary_name": "linux-image-unsigned-6.5.0-1024-oem", "binary_version": "6.5.0-1024.25" }, { "binary_name": "linux-image-unsigned-6.5.0-1024-oem-dbgsym", "binary_version": "6.5.0-1024.25" }, { "binary_name": "linux-modules-6.5.0-1024-oem", "binary_version": "6.5.0-1024.25" }, { "binary_name": "linux-modules-ipu6-6.5.0-1024-oem", "binary_version": "6.5.0-1024.25" }, { "binary_name": "linux-modules-ivsc-6.5.0-1024-oem", "binary_version": "6.5.0-1024.25" }, { "binary_name": "linux-modules-iwlwifi-6.5.0-1024-oem", "binary_version": "6.5.0-1024.25" }, { "binary_name": "linux-modules-usbio-6.5.0-1024-oem", "binary_version": "6.5.0-1024.25" }, { "binary_name": "linux-oem-6.5-headers-6.5.0-1024", "binary_version": "6.5.0-1024.25" }, { "binary_name": "linux-oem-6.5-lib-rust-6.5.0-1024-oem", "binary_version": "6.5.0-1024.25" }, { "binary_name": "linux-oem-6.5-tools-6.5.0-1024", "binary_version": "6.5.0-1024.25" }, { "binary_name": "linux-oem-6.5-tools-host", "binary_version": "6.5.0-1024.25" }, { "binary_name": "linux-tools-6.5.0-1024-oem", "binary_version": "6.5.0-1024.25" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.5.0-1024-oracle", "binary_version": "6.5.0-1024.24~22.04.1" }, { "binary_name": "linux-buildinfo-6.5.0-1024-oracle-64k", "binary_version": "6.5.0-1024.24~22.04.1" }, { "binary_name": "linux-headers-6.5.0-1024-oracle", "binary_version": "6.5.0-1024.24~22.04.1" }, { "binary_name": "linux-headers-6.5.0-1024-oracle-64k", "binary_version": "6.5.0-1024.24~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-1024-oracle", "binary_version": "6.5.0-1024.24~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-1024-oracle-64k", "binary_version": "6.5.0-1024.24~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-1024-oracle-64k-dbgsym", "binary_version": "6.5.0-1024.24~22.04.1" }, { "binary_name": "linux-image-unsigned-6.5.0-1024-oracle-dbgsym", "binary_version": "6.5.0-1024.24~22.04.1" }, { "binary_name": "linux-modules-6.5.0-1024-oracle", "binary_version": "6.5.0-1024.24~22.04.1" }, { "binary_name": "linux-modules-6.5.0-1024-oracle-64k", "binary_version": "6.5.0-1024.24~22.04.1" }, { "binary_name": "linux-modules-extra-6.5.0-1024-oracle", "binary_version": "6.5.0-1024.24~22.04.1" }, { "binary_name": "linux-modules-extra-6.5.0-1024-oracle-64k", "binary_version": "6.5.0-1024.24~22.04.1" }, { "binary_name": "linux-oracle-6.5-headers-6.5.0-1024", "binary_version": "6.5.0-1024.24~22.04.1" }, { "binary_name": "linux-oracle-6.5-tools-6.5.0-1024", "binary_version": "6.5.0-1024.24~22.04.1" }, { "binary_name": "linux-tools-6.5.0-1024-oracle", "binary_version": "6.5.0-1024.24~22.04.1" }, { "binary_name": "linux-tools-6.5.0-1024-oracle-64k", "binary_version": "6.5.0-1024.24~22.04.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.5.0-40-generic", "binary_version": "6.5.0-40.40.1~22.04.1" }, { "binary_name": "linux-headers-6.5.0-40-generic", "binary_version": "6.5.0-40.40.1~22.04.1" }, { "binary_name": "linux-image-6.5.0-40-generic", "binary_version": "6.5.0-40.40.1~22.04.1" }, { "binary_name": "linux-image-6.5.0-40-generic-dbgsym", "binary_version": "6.5.0-40.40.1~22.04.1" }, { "binary_name": "linux-modules-6.5.0-40-generic", "binary_version": "6.5.0-40.40.1~22.04.1" }, { "binary_name": "linux-modules-extra-6.5.0-40-generic", "binary_version": "6.5.0-40.40.1~22.04.1" }, { "binary_name": "linux-riscv-6.5-headers-6.5.0-40", "binary_version": "6.5.0-40.40.1~22.04.1" }, { "binary_name": "linux-riscv-6.5-tools-6.5.0-40", "binary_version": "6.5.0-40.40.1~22.04.1" }, { "binary_name": "linux-tools-6.5.0-40-generic", "binary_version": "6.5.0-40.40.1~22.04.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.5.0-1015-starfive", "binary_version": "6.5.0-1015.16~22.04.1" }, { "binary_name": "linux-headers-6.5.0-1015-starfive", "binary_version": "6.5.0-1015.16~22.04.1" }, { "binary_name": "linux-image-6.5.0-1015-starfive", "binary_version": "6.5.0-1015.16~22.04.1" }, { "binary_name": "linux-image-6.5.0-1015-starfive-dbgsym", "binary_version": "6.5.0-1015.16~22.04.1" }, { "binary_name": "linux-modules-6.5.0-1015-starfive", "binary_version": "6.5.0-1015.16~22.04.1" }, { "binary_name": "linux-modules-extra-6.5.0-1015-starfive", "binary_version": "6.5.0-1015.16~22.04.1" }, { "binary_name": "linux-starfive-6.5-headers-6.5.0-1015", "binary_version": "6.5.0-1015.16~22.04.1" }, { "binary_name": "linux-starfive-6.5-tools-6.5.0-1015", "binary_version": "6.5.0-1015.16~22.04.1" }, { "binary_name": "linux-tools-6.5.0-1015-starfive", "binary_version": "6.5.0-1015.16~22.04.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.8.0-2001-raspi-realtime", "binary_version": "6.8.0-2001.1" }, { "binary_name": "linux-headers-6.8.0-2001-raspi-realtime", "binary_version": "6.8.0-2001.1" }, { "binary_name": "linux-image-6.8.0-2001-raspi-realtime", "binary_version": "6.8.0-2001.1" }, { "binary_name": "linux-image-6.8.0-2001-raspi-realtime-dbgsym", "binary_version": "6.8.0-2001.1" }, { "binary_name": "linux-modules-6.8.0-2001-raspi-realtime", "binary_version": "6.8.0-2001.1" }, { "binary_name": "linux-raspi-realtime-headers-6.8.0-2001", "binary_version": "6.8.0-2001.1" }, { "binary_name": "linux-raspi-realtime-tools-6.8.0-2001", "binary_version": "6.8.0-2001.1" }, { "binary_name": "linux-tools-6.8.0-2001-raspi-realtime", "binary_version": "6.8.0-2001.1" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }