CVE-2023-52621

CVE Details

Release Date: 2024-03-26

Description


In the Linux kernel, the following vulnerability has been resolved:

bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers

These three bpf_map_{lookup,update,delete}_elem() helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program, otherwise the following warning will be reported when a sleepable bpf program manipulates bpf map under interpreter mode (aka bpf_jit_enable=0):

    WARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 ......
    CPU: 3 PID: 4985 Comm: test_progs Not tainted 6.6.0+ #2
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......
    RIP: 0010:bpf_map_lookup_elem+0x54/0x60
    ......
    Call Trace:

    ? __warn+0xa5/0x240
    ? bpf_map_lookup_elem+0x54/0x60
    ? report_bug+0x1ba/0x1f0
    ? handle_bug+0x40/0x80
    ? exc_invalid_op+0x18/0x50
    ? asm_exc_invalid_op+0x1b/0x20
    ? __pfx_bpf_map_lookup_elem+0x10/0x10
    ? rcu_lockdep_current_cpu_online+0x65/0xb0
    ? rcu_is_watching+0x23/0x50
    ? bpf_map_lookup_elem+0x54/0x60
    ? __pfx_bpf_map_lookup_elem+0x10/0x10
    ___bpf_prog_run+0x513/0x3b70
    __bpf_prog_run32+0x9d/0xd0
    ? __bpf_prog_enter_sleepable_recur+0xad/0x120
    ? __bpf_prog_enter_sleepable_recur+0x3e/0x120
    bpf_trampoline_6442580665+0x4d/0x1000
    __x64_sys_getpgid+0x5/0x30
    ? do_syscall_64+0x36/0xb0
    entry_SYSCALL_64_after_hwframe+0x6e/0x76

See more information about CVE-2023-52621 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 4.4
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Errata information


Platform: Oracle Linux version 9 (kernel)
Errata: ELSA-2024-9315
Release Date: 2024-11-14


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
