cvelistv5 - CVE-2024-58237

CVE-2024-58237 (GCVE-0-2024-58237)

Vulnerability from cvelistv5 – Published: 2025-05-05 14:53 – Updated: 2025-05-09 08:06

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each tail call invalidates packet pointers. Making the change in bpf_helper_changes_pkt_data() automatically makes use of check_cfg() logic that computes 'changes_pkt_data' effect for global sub-programs, such that the following program could be rejected: int tail_call(struct __sk_buff *sk) { bpf_tail_call_static(sk, &jmp_table, 0); return 0; } SEC("tc") int not_safe(struct __sk_buff *sk) { int *p = (void *)(long)sk->data; ... make p valid ... tail_call(sk); *p = 42; /* this is unsafe */ ... } The tc_bpf2bpf.c:subprog_tc() needs change: mark it as a function that can invalidate packet pointers. Otherwise, it can't be freplaced with tailcall_freplace.c:entry_freplace() that does a tail call.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f1692ee23dcaaddc2…
	https://git.kernel.org/stable/c/1c2244437f9ad3dd9…
	https://git.kernel.org/stable/c/1a4607ffba35bf2a6…

Impacted products

Vendor

Product

Version

Linux

Affected: 51c39bb1d5d105a02e29aa7960f0a395086e6342 , < f1692ee23dcaaddc24ba407b269707ee5df1301f (git)
Affected: 51c39bb1d5d105a02e29aa7960f0a395086e6342 , < 1c2244437f9ad3dd91215f920401a14f2542dbfc (git)
Affected: 51c39bb1d5d105a02e29aa7960f0a395086e6342 , < 1a4607ffba35bf2a630aab299e34dd3f6e658d70 (git)

Linux

Affected: 5.6
Unaffected: 0 , < 5.6 (semver)
Unaffected: 6.6.90 , ≤ 6.6.* (semver)
Unaffected: 6.12.9 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

Vendor	Product	Description
SUSE	N/A	SUSE Linux Enterprise Micro for Rancher 5.3
SUSE	N/A	SUSE Manager Proxy 4.2
SUSE	N/A	SUSE Linux Enterprise Micro 5.3
SUSE	N/A	SUSE Linux Enterprise Real Time 15 SP7
SUSE	N/A	SUSE Linux Enterprise Micro for Rancher 5.2
SUSE	N/A	SUSE Linux Enterprise Workstation Extension 15 SP7
SUSE	N/A	SUSE Real Time Module 15-SP6
SUSE	N/A	SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE	N/A	SUSE Linux Enterprise Server 12 SP5
SUSE	N/A	Legacy Module 15-SP7
SUSE	N/A	SUSE Linux Enterprise Micro for Rancher 5.4
SUSE	N/A	SUSE Linux Enterprise High Availability Extension 15 SP7
SUSE	N/A	SUSE Linux Enterprise Server 12 SP5 LTSS
SUSE	N/A	SUSE Linux Enterprise Desktop 15 SP7
SUSE	N/A	SUSE Linux Enterprise Live Patching 15-SP3
SUSE	N/A	SUSE Linux Enterprise Server 11 SP4
SUSE	N/A	SUSE Linux Enterprise Server for SAP Applications 15 SP7
SUSE	N/A	openSUSE Leap 15.5
SUSE	N/A	SUSE Linux Enterprise High Availability Extension 15 SP3
SUSE	N/A	SUSE Linux Enterprise Live Patching 15-SP6
SUSE	N/A	SUSE Linux Enterprise Server 15 SP3 Business Critical Linux
SUSE	N/A	SUSE Linux Enterprise Live Patching 12-SP5
SUSE	N/A	SUSE Manager Retail Branch Server 4.2
SUSE	N/A	SUSE Linux Enterprise Server 15 SP7
SUSE	N/A	SUSE Linux Enterprise Live Patching 15-SP7
SUSE	N/A	SUSE Linux Enterprise Server 15 SP3
SUSE	N/A	SUSE Linux Enterprise Micro 5.2
SUSE	N/A	SUSE Linux Enterprise Real Time 15 SP6
SUSE	N/A	openSUSE Leap 15.6
SUSE	N/A	SUSE Enterprise Storage 7.1
SUSE	N/A	Development Tools Module 15-SP7
SUSE	N/A	SUSE Manager Server 4.2
SUSE	N/A	SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE	N/A	SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
SUSE	N/A	SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE	N/A	SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE	N/A	SUSE Linux Enterprise Server 15 SP3 LTSS
SUSE	N/A	SUSE Linux Enterprise Micro 5.1
SUSE	N/A	SUSE Linux Enterprise Micro 5.4
SUSE	N/A	Basesystem Module 15-SP7
SUSE	N/A	SUSE Linux Enterprise Server for SAP Applications 15 SP6
SUSE	N/A	SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
SUSE	N/A	SUSE Linux Enterprise Server 15 SP6
SUSE	N/A	SUSE Real Time Module 15-SP7
SUSE	N/A	SUSE Linux Enterprise Micro 5.5

Vendor	Product	Description
SUSE	Public Cloud Module	Public Cloud Module 15-SP7
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE	SUSE Linux Enterprise High Availability Extension	SUSE Linux Enterprise High Availability Extension 15 SP4
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 15-SP5
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 15 SP6
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE	SUSE Manager Retail Branch Server	SUSE Manager Retail Branch Server 4.3
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP4 LTSS
SUSE	N/A	openSUSE Leap 15.4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP5
SUSE	N/A	openSUSE Leap 15.5
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro for Rancher 5.4
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
SUSE	Public Cloud Module	Public Cloud Module 15-SP6
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro 5.3
SUSE	SUSE Linux Enterprise Real Time	SUSE Linux Enterprise Real Time 15 SP5
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro for Rancher 5.3
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP6
SUSE	N/A	openSUSE Leap 15.6
SUSE	SUSE Linux Enterprise Real Time	SUSE Linux Enterprise Real Time 15 SP4
SUSE	SUSE Manager Proxy	SUSE Manager Proxy 4.3
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 15 SP7
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro 5.5
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP7
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP5 LTSS
SUSE	SUSE Manager Server	SUSE Manager Server 4.3
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro 5.4
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 15-SP4

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/1a4607ffba35bf2a630aab299e34dd3f6e658d70	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/1c2244437f9ad3dd91215f920401a14f2542dbfc	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f1692ee23dcaaddc24ba407b269707ee5df1301f	Patch

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	6.13
linux	linux_kernel	6.13

Action not permitted

CVE-2024-58237 (GCVE-0-2024-58237)

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Tags

Sightings

Nomenclature