5.5

CVE-2023-53221

bpf: Fix memleak due to fentry attach failure

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix memleak due to fentry attach failure

If it fails to attach fentry, the allocated bpf trampoline image will be
left in the system. That can be verified by checking /proc/kallsyms.

This meamleak can be verified by a simple bpf program as follows:

  SEC("fentry/trap_init")
  int fentry_run()
  {
      return 0;
  }

It will fail to attach trap_init because this function is freed after
kernel init, and then we can find the trampoline image is left in the
system by checking /proc/kallsyms.

  $ tail /proc/kallsyms
  ffffffffc0613000 t bpf_trampoline_6442453466_1  [bpf]
  ffffffffc06c3000 t bpf_trampoline_6442453466_1  [bpf]

  $ bpftool btf dump file /sys/kernel/btf/vmlinux | grep "FUNC 'trap_init'"
  [2522] FUNC 'trap_init' type_id=119 linkage=static

  $ echo $((6442453466 & 0x7fffffff))
  2522

Note that there are two left bpf trampoline images, that is because the
libbpf will fallback to raw tracepoint if -EINVAL is returned.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10.28 < 5.11
LinuxLinux Kernel Version >= 5.11.11 < 5.12
LinuxLinux Kernel Version >= 5.12.1 < 6.1.39
LinuxLinux Kernel Version >= 6.2 < 6.3.13
LinuxLinux Kernel Version >= 6.4 < 6.4.4
LinuxLinux Kernel Version5.12 Update-
LinuxLinux Kernel Version5.12 Updaterc5
LinuxLinux Kernel Version5.12 Updaterc6
LinuxLinux Kernel Version5.12 Updaterc7
LinuxLinux Kernel Version5.12 Updaterc8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.041
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/20109ddd5bea2c24d790debf5d02584ef24c3f5e
Patch
https://git.kernel.org/stable/c/f72c67d1a82dada7d6d504c806e111e913721a30
Patch
https://git.kernel.org/stable/c/6aa27775db63ba8c7c73891c7dfb71ddc230c48d
Patch
https://git.kernel.org/stable/c/108598c39eefbedc9882273ac0df96127a629220
Patch