CVE-2024-58100
Description
In the Linux kernel, the following vulnerability has been resolved:bpf: check changes_pkt_data property for extension programsWhen processing calls to global sub-programs, verifier decides whetherto invalidate all packet pointers in current state depending on thechanges_pkt_data property of the global sub-program.Because of this, an extension program replacing a global sub-programmust be compatible with changes_pkt_data property of the sub-programbeing replaced.This commit:- adds changes_pkt_data flag to struct bpf_prog_aux: - this flag is set in check_cfg() for main sub-program; - in jit_subprogs() for other sub-programs;- modifies bpf_check_attach_btf_id() to check changes_pkt_data flag;- moves call to check_attach_btf_id() after the call to check_cfg(), because it needs changes_pkt_data flag to be set: bpf_check: ... ... - check_attach_btf_id resolve_pseudo_ldimm64 resolve_pseudo_ldimm64 --> bpf_prog_is_offloaded bpf_prog_is_offloaded check_cfg check_cfg + check_attach_btf_id ... ...The following fields are set by check_attach_btf_id():- env->ops- prog->aux->attach_btf_trace- prog->aux->attach_func_name- prog->aux->attach_func_proto- prog->aux->dst_trampoline- prog->aux->mod- prog->aux->saved_dst_attach_type- prog->aux->saved_dst_prog_type- prog->expected_attach_typeNeither of these fields are used by resolve_pseudo_ldimm64() orbpf_prog_offload_verifier_prep() (for netronome and netdevsimdrivers), so the reordering is safe.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2025:01965-1(Public Cloud Module 15 SP6) kernel-azure-6.4.0-150600.8.40.1.x86_64.rpm | Linux |
| SUSE-SU-2025:01965-1(Public Cloud Module 15 SP6) kernel-azure-debuginfo-6.4.0-150600.8.40.1.x86_64.rpm | Linux |
| SUSE-SU-2025:01965-1(Public Cloud Module 15 SP6) kernel-azure-debugsource-6.4.0-150600.8.40.1.x86_64.rpm | Linux |
| SUSE-SU-2025:01965-1(Public Cloud Module 15 SP6) kernel-azure-devel-6.4.0-150600.8.40.1.x86_64.rpm | Linux |
| SUSE-SU-2025:01965-1(Public Cloud Module 15 SP6) kernel-azure-devel-debuginfo-6.4.0-150600.8.40.1.x86_64.rpm | Linux |
| SUSE-SU-2025:01965-1(Public Cloud Module 15 SP6) kernel-devel-azure-6.4.0-150600.8.40.1.noarch.rpm | Linux |
| SUSE-SU-2025:01965-1(Public Cloud Module 15 SP6) kernel-source-azure-6.4.0-150600.8.40.1.noarch.rpm | Linux |
| SUSE-SU-2025:01965-1(Public Cloud Module 15 SP6) kernel-syms-azure-6.4.0-150600.8.40.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02000-1(Legacy Module 15 SP6) reiserfs-kmp-default-6.4.0-150600.23.53.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02000-1(Legacy Module 15 SP6) reiserfs-kmp-default-debuginfo-6.4.0-150600.23.53.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02000-1(Basesystem Module 15 SP6) kernel-default-6.4.0-150600.23.53.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02000-1(Basesystem Module 15 SP6) kernel-default-base-6.4.0-150600.23.53.1.150600.12.24.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02000-1(Basesystem Module 15 SP6) kernel-default-debuginfo-6.4.0-150600.23.53.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02000-1(Basesystem Module 15 SP6) kernel-default-debugsource-6.4.0-150600.23.53.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02000-1(Basesystem Module 15 SP6) kernel-default-devel-6.4.0-150600.23.53.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02000-1(Basesystem Module 15 SP6) kernel-default-devel-debuginfo-6.4.0-150600.23.53.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02000-1(Basesystem Module 15 SP6) kernel-devel-6.4.0-150600.23.53.1.noarch.rpm | Linux |
| SUSE-SU-2025:02000-1(Development Tools Module 15 SP6) kernel-docs-6.4.0-150600.23.53.1.noarch.rpm | Linux |
| SUSE-SU-2025:02000-1(Basesystem Module 15 SP6) kernel-macros-6.4.0-150600.23.53.1.noarch.rpm | Linux |
| SUSE-SU-2025:02000-1(Development Tools Module 15 SP6) kernel-obs-build-6.4.0-150600.23.53.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02000-1(Development Tools Module 15 SP6) kernel-obs-build-debugsource-6.4.0-150600.23.53.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02000-1(Development Tools Module 15 SP6) kernel-source-6.4.0-150600.23.53.1.noarch.rpm | Linux |
| SUSE-SU-2025:02000-1(Development Tools Module 15 SP6) kernel-syms-6.4.0-150600.23.53.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-source-azure-6.4.0-150700.20.6.1.noarch.rpm | Linux |
| SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-syms-azure-6.4.0-150700.20.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-azure-6.4.0-150700.20.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-azure-debuginfo-6.4.0-150700.20.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-azure-debugsource-6.4.0-150700.20.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-azure-devel-6.4.0-150700.20.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-azure-devel-debuginfo-6.4.0-150700.20.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-devel-azure-6.4.0-150700.20.6.1.noarch.rpm | Linux |
| SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-default-6.4.0-150700.53.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02307-1(Legacy Module 15 SP7) reiserfs-kmp-default-6.4.0-150700.53.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02307-1(Legacy Module 15 SP7) reiserfs-kmp-default-debuginfo-6.4.0-150700.53.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02307-1(Development Tools Module 15 SP7) kernel-syms-6.4.0-150700.53.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02307-1(Legacy Module 15 SP7) kernel-default-debugsource-6.4.0-150700.53.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-default-base-6.4.0-150700.53.6.1.150700.17.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02307-1(Development Tools Module 15 SP7) kernel-source-6.4.0-150700.53.6.1.noarch.rpm | Linux |
| SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-default-devel-debuginfo-6.4.0-150700.53.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-default-devel-6.4.0-150700.53.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02307-1(Development Tools Module 15 SP7) kernel-obs-build-debugsource-6.4.0-150700.53.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02307-1(Development Tools Module 15 SP7) kernel-docs-6.4.0-150700.53.6.1.noarch.rpm | Linux |
| SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-default-debuginfo-6.4.0-150700.53.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02307-1(Development Tools Module 15 SP7) kernel-obs-build-6.4.0-150700.53.6.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-devel-6.4.0-150700.53.6.1.noarch.rpm | Linux |
| SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-macros-6.4.0-150700.53.6.1.noarch.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234