[SRU][F][PATCH 0/1] CVE-2024-42068
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Thu Oct 10 11:14:04 UTC 2024
[Impact]
bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
set_memory_ro() can fail, leaving memory unprotected.
Check its return and take it into account as an error.
[Fix]
Noble: Fixed
Jammy: Fixed
Focal: Backported from linux-6.9.y
Bionic: Sent to ESM ML
Xenial: Sent to ESM ML
[Test Case]
Compile and boot tested.
[Where problems could occur]
The fix affects the eBPF subsystem, particularly memory protection in
BPF programs. An issue with this fix may lead to kernel crashes during
memory operations, especially when using eBPF-based tools. Users could
also experience application crashes or failures in eBPF dependent
applications.
Christophe Leroy (1):
bpf: Take return from set_memory_ro() into account with
bpf_prog_lock_ro()
include/linux/filter.h | 5 +++--
kernel/bpf/core.c | 4 +++-
kernel/bpf/verifier.c | 8 ++++++--
3 files changed, 12 insertions(+), 5 deletions(-)
--
2.43.0
More information about the kernel-team
mailing list