In the Linux kernel, the following vulnerability has been resolved: bpf: check changespktdata property for extension programs When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changespktdata property of the global sub-program. Because of this, an extension program replacing a global sub-program must be compatible with changespktdata property of the sub-program being replaced. This commit: - adds changespktdata flag to struct bpfprogaux: - this flag is set in checkcfg() for main sub-program; - in jitsubprogs() for other sub-programs; - modifies bpfcheckattachbtfid() to check changespktdata flag; - moves call to checkattachbtfid() after the call to checkcfg(), because it needs changespktdata flag to be set: bpfcheck: ... ... - checkattachbtfid resolvepseudoldimm64 resolvepseudoldimm64 --> bpfprogisoffloaded bpfprogisoffloaded checkcfg checkcfg + checkattachbtfid ... ... The following fields are set by checkattachbtfid(): - env->ops - prog->aux->attachbtftrace - prog->aux->attachfuncname - prog->aux->attachfuncproto - prog->aux->dsttrampoline - prog->aux->mod - prog->aux->saveddstattachtype - prog->aux->saveddstprogtype - prog->expectedattachtype Neither of these fields are used by resolvepseudoldimm64() or bpfprogoffloadverifier_prep() (for netronome and netdevsim drivers), so the reordering is safe.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-7.7", "binary_name": "linux-bpf-dev" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-buildinfo-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-buildinfo-6.14.0-7-generic-64k" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-cloud-tools-6.14.0-7" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-cloud-tools-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-cloud-tools-common" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-doc" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-headers-6.14.0-7" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-headers-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-headers-6.14.0-7-generic-64k" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-image-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-image-6.14.0-7-generic-dbgsym" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-image-unsigned-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-image-unsigned-6.14.0-7-generic-64k" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-image-unsigned-6.14.0-7-generic-64k-dbgsym" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-image-unsigned-6.14.0-7-generic-dbgsym" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-lib-rust-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-libc-dev" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-modules-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-modules-6.14.0-7-generic-64k" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-modules-extra-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-modules-usbio-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-modules-vision-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-source-6.14.0" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-tools-6.14.0-7" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-tools-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-tools-6.14.0-7-generic-64k" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-tools-common" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-tools-host" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-1003.3", "binary_name": "linux-aws-cloud-tools-6.14.0-1003" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-aws-headers-6.14.0-1003" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-aws-tools-6.14.0-1003" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-buildinfo-6.14.0-1003-aws" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-cloud-tools-6.14.0-1003-aws" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-headers-6.14.0-1003-aws" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-image-unsigned-6.14.0-1003-aws" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-image-unsigned-6.14.0-1003-aws-dbgsym" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-modules-6.14.0-1003-aws" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-modules-extra-6.14.0-1003-aws" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-tools-6.14.0-1003-aws" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-1002.2", "binary_name": "linux-azure-cloud-tools-6.14.0-1002" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-azure-headers-6.14.0-1002" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-azure-tools-6.14.0-1002" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-buildinfo-6.14.0-1002-azure" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-cloud-tools-6.14.0-1002-azure" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-headers-6.14.0-1002-azure" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-azure" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-azure-dbgsym" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-6.14.0-1002-azure" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-extra-6.14.0-1002-azure" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-tools-6.14.0-1002-azure" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-1002.2", "binary_name": "linux-buildinfo-6.14.0-1002-gcp" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-buildinfo-6.14.0-1002-gcp-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-gcp-headers-6.14.0-1002" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-gcp-tools-6.14.0-1002" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-headers-6.14.0-1002-gcp" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-headers-6.14.0-1002-gcp-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-gcp" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-gcp-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-gcp-64k-dbgsym" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-gcp-dbgsym" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-6.14.0-1002-gcp" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-6.14.0-1002-gcp-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-extra-6.14.0-1002-gcp" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-extra-6.14.0-1002-gcp-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-tools-6.14.0-1002-gcp" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-tools-6.14.0-1002-gcp-64k" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-1002.2", "binary_name": "linux-buildinfo-6.14.0-1002-oracle" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-buildinfo-6.14.0-1002-oracle-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-headers-6.14.0-1002-oracle" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-headers-6.14.0-1002-oracle-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-oracle" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-oracle-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-oracle-64k-dbgsym" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-oracle-dbgsym" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-6.14.0-1002-oracle" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-6.14.0-1002-oracle-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-extra-6.14.0-1002-oracle" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-extra-6.14.0-1002-oracle-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-oracle-headers-6.14.0-1002" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-oracle-tools-6.14.0-1002" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-tools-6.14.0-1002-oracle" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-tools-6.14.0-1002-oracle-64k" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-1003.3", "binary_name": "linux-buildinfo-6.14.0-1003-raspi" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-headers-6.14.0-1003-raspi" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-image-6.14.0-1003-raspi" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-image-6.14.0-1003-raspi-dbgsym" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-modules-6.14.0-1003-raspi" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-raspi-headers-6.14.0-1003" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-raspi-tools-6.14.0-1003" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-tools-6.14.0-1003-raspi" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-1001.1", "binary_name": "linux-buildinfo-6.14.0-1001-realtime" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-cloud-tools-6.14.0-1001-realtime" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-headers-6.14.0-1001-realtime" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-image-unsigned-6.14.0-1001-realtime" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-image-unsigned-6.14.0-1001-realtime-dbgsym" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-modules-6.14.0-1001-realtime" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-modules-extra-6.14.0-1001-realtime" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-modules-iwlwifi-6.14.0-1001-realtime" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-realtime-cloud-tools-6.14.0-1001" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-realtime-headers-6.14.0-1001" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-realtime-tools-6.14.0-1001" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-tools-6.14.0-1001-realtime" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-buildinfo-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-headers-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-image-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-image-6.14.0-7-generic-dbgsym" }, { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-modules-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-riscv-headers-6.14.0-7" }, { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-riscv-tools-6.14.0-7" }, { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-tools-6.14.0-7-generic" } ] }