-

CVE-2023-54173

In the Linux kernel, the following vulnerability has been resolved:

bpf: Disable preemption in bpf_event_output

We received report [1] of kernel crash, which is caused by
using nesting protection without disabled preemption.

The bpf_event_output can be called by programs executed by
bpf_prog_run_array_cg function that disabled migration but
keeps preemption enabled.

This can cause task to be preempted by another one inside the
nesting protection and lead eventually to two tasks using same
perf_sample_data buffer and cause crashes like:

  BUG: kernel NULL pointer dereference, address: 0000000000000001
  #PF: supervisor instruction fetch in kernel mode
  #PF: error_code(0x0010) - not-present page
  ...
  ? perf_output_sample+0x12a/0x9a0
  ? finish_task_switch.isra.0+0x81/0x280
  ? perf_event_output+0x66/0xa0
  ? bpf_event_output+0x13a/0x190
  ? bpf_event_output_data+0x22/0x40
  ? bpf_prog_dfc84bbde731b257_cil_sock4_connect+0x40a/0xacb
  ? xa_load+0x87/0xe0
  ? __cgroup_bpf_run_filter_sock_addr+0xc1/0x1a0
  ? release_sock+0x3e/0x90
  ? sk_setsockopt+0x1a1/0x12f0
  ? udp_pre_connect+0x36/0x50
  ? inet_dgram_connect+0x93/0xa0
  ? __sys_connect+0xb4/0xe0
  ? udp_setsockopt+0x27/0x40
  ? __pfx_udp_push_pending_frames+0x10/0x10
  ? __sys_setsockopt+0xdf/0x1a0
  ? __x64_sys_connect+0xf/0x20
  ? do_syscall_64+0x3a/0x90
  ? entry_SYSCALL_64_after_hwframe+0x72/0xdc

Fixing this by disabling preemption in bpf_event_output.

[1] https://github.com/cilium/cilium/issues/26756
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 3048cb0dc0cc9dc74ed93690dffef00733bcad5b
Version 2a916f2f546ca1c1e3323e2a4269307f6d9890eb
Status affected
Version < c81bdf8f9f2b002d217c3d5357cdea9f2b82ff90
Version 2a916f2f546ca1c1e3323e2a4269307f6d9890eb
Status affected
Version < 36dd8ca330b76585640ed32255a3c99f901e1502
Version 2a916f2f546ca1c1e3323e2a4269307f6d9890eb
Status affected
Version < 063c9ce8e74e07bf94f99cd13146f42867875e8b
Version 2a916f2f546ca1c1e3323e2a4269307f6d9890eb
Status affected
Version < d62cc390c2e99ae267ffe4b8d7e2e08b6c758c32
Version 2a916f2f546ca1c1e3323e2a4269307f6d9890eb
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.7
Status affected
Version < 5.7
Version 0
Status unaffected
Version <= 5.10.*
Version 5.10.190
Status unaffected
Version <= 5.15.*
Version 5.15.126
Status unaffected
Version <= 6.1.*
Version 6.1.45
Status unaffected
Version <= 6.4.*
Version 6.4.10
Status unaffected
Version <= *
Version 6.5
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.065
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.