In the Linux kernel, the following vulnerability has been resolved: bpf: check changespktdata property for extension programs When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changespktdata property of the global sub-program. Because of this, an extension program replacing a global sub-program must be compatible with changespktdata property of the sub-program being replaced. This commit: - adds changespktdata flag to struct bpfprogaux: - this flag is set in checkcfg() for main sub-program; - in jitsubprogs() for other sub-programs; - modifies bpfcheckattachbtfid() to check changespktdata flag; - moves call to checkattachbtfid() after the call to checkcfg(), because it needs changespktdata flag to be set: bpfcheck: ... ... - checkattachbtfid resolvepseudoldimm64 resolvepseudoldimm64 --> bpfprogisoffloaded bpfprogisoffloaded checkcfg checkcfg + checkattachbtfid ... ... The following fields are set by checkattachbtfid(): - env->ops - prog->aux->attachbtftrace - prog->aux->attachfuncname - prog->aux->attachfuncproto - prog->aux->dsttrampoline - prog->aux->mod - prog->aux->saveddstattachtype - prog->aux->saveddstprogtype - prog->expectedattachtype Neither of these fields are used by resolvepseudoldimm64() or bpfprogoffloadverifier_prep() (for netronome and netdevsim drivers), so the reordering is safe.
{ "binaries": [ { "binary_name": "linux-buildinfo-6.14.0-1005-oem", "binary_version": "6.14.0-1005.5" }, { "binary_name": "linux-headers-6.14.0-1005-oem", "binary_version": "6.14.0-1005.5" }, { "binary_name": "linux-image-unsigned-6.14.0-1005-oem", "binary_version": "6.14.0-1005.5" }, { "binary_name": "linux-image-unsigned-6.14.0-1005-oem-dbgsym", "binary_version": "6.14.0-1005.5" }, { "binary_name": "linux-modules-6.14.0-1005-oem", "binary_version": "6.14.0-1005.5" }, { "binary_name": "linux-modules-ipu6-6.14.0-1005-oem", "binary_version": "6.14.0-1005.5" }, { "binary_name": "linux-modules-ipu7-6.14.0-1005-oem", "binary_version": "6.14.0-1005.5" }, { "binary_name": "linux-modules-iwlwifi-6.14.0-1005-oem", "binary_version": "6.14.0-1005.5" }, { "binary_name": "linux-modules-usbio-6.14.0-1005-oem", "binary_version": "6.14.0-1005.5" }, { "binary_name": "linux-modules-vision-6.14.0-1005-oem", "binary_version": "6.14.0-1005.5" }, { "binary_name": "linux-oem-6.14-headers-6.14.0-1005", "binary_version": "6.14.0-1005.5" }, { "binary_name": "linux-oem-6.14-tools-6.14.0-1005", "binary_version": "6.14.0-1005.5" }, { "binary_name": "linux-tools-6.14.0-1005-oem", "binary_version": "6.14.0-1005.5" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "linux-bpf-dev", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-buildinfo-6.14.0-7-generic", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-buildinfo-6.14.0-7-generic-64k", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-cloud-tools-6.14.0-7", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-cloud-tools-6.14.0-7-generic", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-cloud-tools-common", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-doc", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-headers-6.14.0-7", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-headers-6.14.0-7-generic", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-headers-6.14.0-7-generic-64k", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-image-6.14.0-7-generic", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-image-6.14.0-7-generic-dbgsym", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-image-unsigned-6.14.0-7-generic", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-image-unsigned-6.14.0-7-generic-64k", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-image-unsigned-6.14.0-7-generic-64k-dbgsym", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-image-unsigned-6.14.0-7-generic-dbgsym", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-lib-rust-6.14.0-7-generic", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-libc-dev", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-modules-6.14.0-7-generic", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-modules-6.14.0-7-generic-64k", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-modules-extra-6.14.0-7-generic", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-modules-usbio-6.14.0-7-generic", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-modules-vision-6.14.0-7-generic", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-source-6.14.0", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-tools-6.14.0-7", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-tools-6.14.0-7-generic", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-tools-6.14.0-7-generic-64k", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-tools-common", "binary_version": "6.14.0-7.7" }, { "binary_name": "linux-tools-host", "binary_version": "6.14.0-7.7" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "linux-aws-cloud-tools-6.14.0-1003", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-aws-headers-6.14.0-1003", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-aws-tools-6.14.0-1003", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-buildinfo-6.14.0-1003-aws", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-cloud-tools-6.14.0-1003-aws", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-headers-6.14.0-1003-aws", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-image-unsigned-6.14.0-1003-aws", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-image-unsigned-6.14.0-1003-aws-dbgsym", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-modules-6.14.0-1003-aws", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-modules-extra-6.14.0-1003-aws", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-tools-6.14.0-1003-aws", "binary_version": "6.14.0-1003.3" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "linux-azure-cloud-tools-6.14.0-1002", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-azure-headers-6.14.0-1002", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-azure-tools-6.14.0-1002", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-buildinfo-6.14.0-1002-azure", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-cloud-tools-6.14.0-1002-azure", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-headers-6.14.0-1002-azure", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-image-unsigned-6.14.0-1002-azure", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-image-unsigned-6.14.0-1002-azure-dbgsym", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-modules-6.14.0-1002-azure", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-modules-extra-6.14.0-1002-azure", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-tools-6.14.0-1002-azure", "binary_version": "6.14.0-1002.2" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.14.0-1002-gcp", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-buildinfo-6.14.0-1002-gcp-64k", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-gcp-headers-6.14.0-1002", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-gcp-tools-6.14.0-1002", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-headers-6.14.0-1002-gcp", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-headers-6.14.0-1002-gcp-64k", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-image-unsigned-6.14.0-1002-gcp", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-image-unsigned-6.14.0-1002-gcp-64k", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-image-unsigned-6.14.0-1002-gcp-64k-dbgsym", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-image-unsigned-6.14.0-1002-gcp-dbgsym", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-modules-6.14.0-1002-gcp", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-modules-6.14.0-1002-gcp-64k", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-modules-extra-6.14.0-1002-gcp", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-modules-extra-6.14.0-1002-gcp-64k", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-tools-6.14.0-1002-gcp", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-tools-6.14.0-1002-gcp-64k", "binary_version": "6.14.0-1002.2" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.14.0-1002-oracle", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-buildinfo-6.14.0-1002-oracle-64k", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-headers-6.14.0-1002-oracle", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-headers-6.14.0-1002-oracle-64k", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-image-unsigned-6.14.0-1002-oracle", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-image-unsigned-6.14.0-1002-oracle-64k", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-image-unsigned-6.14.0-1002-oracle-64k-dbgsym", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-image-unsigned-6.14.0-1002-oracle-dbgsym", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-modules-6.14.0-1002-oracle", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-modules-6.14.0-1002-oracle-64k", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-modules-extra-6.14.0-1002-oracle", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-modules-extra-6.14.0-1002-oracle-64k", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-oracle-headers-6.14.0-1002", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-oracle-tools-6.14.0-1002", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-tools-6.14.0-1002-oracle", "binary_version": "6.14.0-1002.2" }, { "binary_name": "linux-tools-6.14.0-1002-oracle-64k", "binary_version": "6.14.0-1002.2" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.14.0-1003-raspi", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-headers-6.14.0-1003-raspi", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-image-6.14.0-1003-raspi", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-image-6.14.0-1003-raspi-dbgsym", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-modules-6.14.0-1003-raspi", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-raspi-headers-6.14.0-1003", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-raspi-tools-6.14.0-1003", "binary_version": "6.14.0-1003.3" }, { "binary_name": "linux-tools-6.14.0-1003-raspi", "binary_version": "6.14.0-1003.3" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.14.0-1001-realtime", "binary_version": "6.14.0-1001.1" }, { "binary_name": "linux-cloud-tools-6.14.0-1001-realtime", "binary_version": "6.14.0-1001.1" }, { "binary_name": "linux-headers-6.14.0-1001-realtime", "binary_version": "6.14.0-1001.1" }, { "binary_name": "linux-image-unsigned-6.14.0-1001-realtime", "binary_version": "6.14.0-1001.1" }, { "binary_name": "linux-image-unsigned-6.14.0-1001-realtime-dbgsym", "binary_version": "6.14.0-1001.1" }, { "binary_name": "linux-modules-6.14.0-1001-realtime", "binary_version": "6.14.0-1001.1" }, { "binary_name": "linux-modules-extra-6.14.0-1001-realtime", "binary_version": "6.14.0-1001.1" }, { "binary_name": "linux-modules-iwlwifi-6.14.0-1001-realtime", "binary_version": "6.14.0-1001.1" }, { "binary_name": "linux-realtime-cloud-tools-6.14.0-1001", "binary_version": "6.14.0-1001.1" }, { "binary_name": "linux-realtime-headers-6.14.0-1001", "binary_version": "6.14.0-1001.1" }, { "binary_name": "linux-realtime-tools-6.14.0-1001", "binary_version": "6.14.0-1001.1" }, { "binary_name": "linux-tools-6.14.0-1001-realtime", "binary_version": "6.14.0-1001.1" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "linux-buildinfo-6.14.0-7-generic", "binary_version": "6.14.0-7.7.1" }, { "binary_name": "linux-headers-6.14.0-7-generic", "binary_version": "6.14.0-7.7.1" }, { "binary_name": "linux-image-6.14.0-7-generic", "binary_version": "6.14.0-7.7.1" }, { "binary_name": "linux-image-6.14.0-7-generic-dbgsym", "binary_version": "6.14.0-7.7.1" }, { "binary_name": "linux-modules-6.14.0-7-generic", "binary_version": "6.14.0-7.7.1" }, { "binary_name": "linux-riscv-headers-6.14.0-7", "binary_version": "6.14.0-7.7.1" }, { "binary_name": "linux-riscv-tools-6.14.0-7", "binary_version": "6.14.0-7.7.1" }, { "binary_name": "linux-tools-6.14.0-7-generic", "binary_version": "6.14.0-7.7.1" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }