GHSA-PMX2-4VWX-FC3H

Vulnerability from github – Published: 2024-03-26 18:32 – Updated: 2025-11-03 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers

These three bpf_map_{lookup,update,delete}_elem() helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program, otherwise the following warning will be reported when a sleepable bpf program manipulates bpf map under interpreter mode (aka bpf_jit_enable=0):

WARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 ...... CPU: 3 PID: 4985 Comm: test_progs Not tainted 6.6.0+ #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ...... RIP: 0010:bpf_map_lookup_elem+0x54/0x60 ...... Call Trace: ? __warn+0xa5/0x240 ? bpf_map_lookup_elem+0x54/0x60 ? report_bug+0x1ba/0x1f0 ? handle_bug+0x40/0x80 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1b/0x20 ? __pfx_bpf_map_lookup_elem+0x10/0x10 ? rcu_lockdep_current_cpu_online+0x65/0xb0 ? rcu_is_watching+0x23/0x50 ? bpf_map_lookup_elem+0x54/0x60 ? __pfx_bpf_map_lookup_elem+0x10/0x10 bpfprog_run+0x513/0x3b70 bpf_prog_run32+0x9d/0xd0 ? __bpf_prog_enter_sleepable_recur+0xad/0x120 ? __bpf_prog_enter_sleepable_recur+0x3e/0x120 bpf_trampoline_6442580665+0x4d/0x1000 __x64_sys_getpgid+0x5/0x30 ? do_syscall_64+0x36/0xb0 entry_SYSCALL_64_after_hwframe+0x6e/0x76

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52621"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-26T18:15:08Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check rcu_read_lock_trace_held() before calling bpf map helpers\n\nThese three bpf_map_{lookup,update,delete}_elem() helpers are also\navailable for sleepable bpf program, so add the corresponding lock\nassertion for sleepable bpf program, otherwise the following warning\nwill be reported when a sleepable bpf program manipulates bpf map under\ninterpreter mode (aka bpf_jit_enable=0):\n\n  WARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 ......\n  CPU: 3 PID: 4985 Comm: test_progs Not tainted 6.6.0+ #2\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......\n  RIP: 0010:bpf_map_lookup_elem+0x54/0x60\n  ......\n  Call Trace:\n   \u003cTASK\u003e\n   ? __warn+0xa5/0x240\n   ? bpf_map_lookup_elem+0x54/0x60\n   ? report_bug+0x1ba/0x1f0\n   ? handle_bug+0x40/0x80\n   ? exc_invalid_op+0x18/0x50\n   ? asm_exc_invalid_op+0x1b/0x20\n   ? __pfx_bpf_map_lookup_elem+0x10/0x10\n   ? rcu_lockdep_current_cpu_online+0x65/0xb0\n   ? rcu_is_watching+0x23/0x50\n   ? bpf_map_lookup_elem+0x54/0x60\n   ? __pfx_bpf_map_lookup_elem+0x10/0x10\n   ___bpf_prog_run+0x513/0x3b70\n   __bpf_prog_run32+0x9d/0xd0\n   ? __bpf_prog_enter_sleepable_recur+0xad/0x120\n   ? __bpf_prog_enter_sleepable_recur+0x3e/0x120\n   bpf_trampoline_6442580665+0x4d/0x1000\n   __x64_sys_getpgid+0x5/0x30\n   ? do_syscall_64+0x36/0xb0\n   entry_SYSCALL_64_after_hwframe+0x6e/0x76\n   \u003c/TASK\u003e",
  "id": "GHSA-pmx2-4vwx-fc3h",
  "modified": "2025-11-03T21:31:01Z",
  "published": "2024-03-26T18:32:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52621"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/169410eba271afc9f0fb476d996795aa26770c6d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3516f93cc63d956e1b290ae4b7bf2586074535a0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/483cb92334cd7f1d5387dccc0ab5d595d27a669d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/82f2df94dac1aa9b879e74d1f82ba1b631bdc612"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c7f1b6146f4a46d727c0d046284c28b6882c6304"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d6d6fe4bb105595118f12abeed4a7bdd450853f3"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…