In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit register with a int offset. The register was checked to be below 1<<29 when it was variable, but not when it was fixed. The offset either comes from an instruction (in which case it is 16 bit), from another register (in which case the caller checked it to be below 1<<29 [1]), or from the size of an argument to a kfunc (in which case it can be a u32 [2]). Between the register being inconsistently checked to be below 1<<29, and the offset being up to an u32, it appears that we were open to overflowing the int
s which were currently used for arithmetic. [1] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L7494-L7498 [2] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L11904
{ "binaries": [ { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-azure-6.5-cloud-tools-6.5.0-1022" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-azure-6.5-headers-6.5.0-1022" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-azure-6.5-tools-6.5.0-1022" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-buildinfo-6.5.0-1022-azure" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-cloud-tools-6.5.0-1022-azure" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-headers-6.5.0-1022-azure" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1022-azure" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1022-azure-dbgsym" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-modules-6.5.0-1022-azure" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-modules-extra-6.5.0-1022-azure" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-tools-6.5.0-1022-azure" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-buildinfo-6.5.0-1022-gcp" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-gcp-6.5-headers-6.5.0-1022" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-gcp-6.5-tools-6.5.0-1022" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-headers-6.5.0-1022-gcp" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1022-gcp" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1022-gcp-dbgsym" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-modules-6.5.0-1022-gcp" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-modules-extra-6.5.0-1022-gcp" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-modules-iwlwifi-6.5.0-1022-gcp" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-tools-6.5.0-1022-gcp" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-buildinfo-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-buildinfo-6.5.0-41-generic-64k" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-cloud-tools-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-headers-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-headers-6.5.0-41-generic-64k" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-hwe-6.5-cloud-tools-6.5.0-41" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-hwe-6.5-cloud-tools-common" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-hwe-6.5-headers-6.5.0-41" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-hwe-6.5-tools-6.5.0-41" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-hwe-6.5-tools-common" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-hwe-6.5-tools-host" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-image-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-image-6.5.0-41-generic-dbgsym" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-image-unsigned-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-image-unsigned-6.5.0-41-generic-64k" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-image-unsigned-6.5.0-41-generic-64k-dbgsym" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-image-unsigned-6.5.0-41-generic-dbgsym" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-modules-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-modules-6.5.0-41-generic-64k" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-modules-extra-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-modules-ipu6-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-modules-ivsc-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-modules-iwlwifi-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-source-6.5.0" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-tools-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-tools-6.5.0-41-generic-64k" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-buildinfo-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-buildinfo-6.5.0-41-lowlatency-64k" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-cloud-tools-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-headers-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-headers-6.5.0-41-lowlatency-64k" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-41-lowlatency-64k" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-41-lowlatency-64k-dbgsym" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-41-lowlatency-dbgsym" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-cloud-tools-6.5.0-41" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-cloud-tools-common" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-headers-6.5.0-41" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-lib-rust-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-tools-6.5.0-41" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-tools-common" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-tools-host" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-modules-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-modules-6.5.0-41-lowlatency-64k" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-modules-iwlwifi-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-tools-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-tools-6.5.0-41-lowlatency-64k" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-1021.22", "binary_name": "linux-buildinfo-6.5.0-1021-nvidia" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-buildinfo-6.5.0-1021-nvidia-64k" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-headers-6.5.0-1021-nvidia" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-headers-6.5.0-1021-nvidia-64k" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-image-unsigned-6.5.0-1021-nvidia" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-image-unsigned-6.5.0-1021-nvidia-64k" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-image-unsigned-6.5.0-1021-nvidia-64k-dbgsym" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-image-unsigned-6.5.0-1021-nvidia-dbgsym" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-modules-6.5.0-1021-nvidia" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-modules-6.5.0-1021-nvidia-64k" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-modules-extra-6.5.0-1021-nvidia" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-modules-nvidia-fs-6.5.0-1021-nvidia" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-modules-nvidia-fs-6.5.0-1021-nvidia-64k" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-nvidia-6.5-headers-6.5.0-1021" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-nvidia-6.5-tools-6.5.0-1021" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-nvidia-6.5-tools-host" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-tools-6.5.0-1021-nvidia" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-tools-6.5.0-1021-nvidia-64k" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-1024.25", "binary_name": "linux-buildinfo-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-headers-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-image-unsigned-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-image-unsigned-6.5.0-1024-oem-dbgsym" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-modules-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-modules-ipu6-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-modules-ivsc-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-modules-iwlwifi-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-modules-usbio-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-oem-6.5-headers-6.5.0-1024" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-oem-6.5-lib-rust-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-oem-6.5-tools-6.5.0-1024" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-oem-6.5-tools-host" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-tools-6.5.0-1024-oem" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-buildinfo-6.5.0-1024-oracle" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-buildinfo-6.5.0-1024-oracle-64k" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-headers-6.5.0-1024-oracle" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-headers-6.5.0-1024-oracle-64k" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1024-oracle" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1024-oracle-64k" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1024-oracle-64k-dbgsym" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1024-oracle-dbgsym" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-modules-6.5.0-1024-oracle" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-modules-6.5.0-1024-oracle-64k" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-modules-extra-6.5.0-1024-oracle" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-modules-extra-6.5.0-1024-oracle-64k" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-oracle-6.5-headers-6.5.0-1024" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-oracle-6.5-tools-6.5.0-1024" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-tools-6.5.0-1024-oracle" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-tools-6.5.0-1024-oracle-64k" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-buildinfo-6.5.0-40-generic" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-headers-6.5.0-40-generic" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-image-6.5.0-40-generic" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-image-6.5.0-40-generic-dbgsym" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-modules-6.5.0-40-generic" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-modules-extra-6.5.0-40-generic" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-riscv-6.5-headers-6.5.0-40" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-riscv-6.5-tools-6.5.0-40" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-tools-6.5.0-40-generic" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-buildinfo-6.5.0-1015-starfive" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-headers-6.5.0-1015-starfive" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-image-6.5.0-1015-starfive" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-image-6.5.0-1015-starfive-dbgsym" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-modules-6.5.0-1015-starfive" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-modules-extra-6.5.0-1015-starfive" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-starfive-6.5-headers-6.5.0-1015" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-starfive-6.5-tools-6.5.0-1015" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-tools-6.5.0-1015-starfive" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.8.0-2001.1", "binary_name": "linux-buildinfo-6.8.0-2001-raspi-realtime" }, { "binary_version": "6.8.0-2001.1", "binary_name": "linux-headers-6.8.0-2001-raspi-realtime" }, { "binary_version": "6.8.0-2001.1", "binary_name": "linux-image-6.8.0-2001-raspi-realtime" }, { "binary_version": "6.8.0-2001.1", "binary_name": "linux-image-6.8.0-2001-raspi-realtime-dbgsym" }, { "binary_version": "6.8.0-2001.1", "binary_name": "linux-modules-6.8.0-2001-raspi-realtime" }, { "binary_version": "6.8.0-2001.1", "binary_name": "linux-raspi-realtime-headers-6.8.0-2001" }, { "binary_version": "6.8.0-2001.1", "binary_name": "linux-raspi-realtime-tools-6.8.0-2001" }, { "binary_version": "6.8.0-2001.1", "binary_name": "linux-tools-6.8.0-2001-raspi-realtime" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }