Description
In the Linux kernel, the following vulnerability has been resolved:
samples/bpf: syscall_tp_user: Fix array out-of-bound access
Commit 06744f24696e ("samples/bpf: Add openat2() enter/exit tracepoint to syscall_tp sample") added two more eBPF programs to support the openat2() syscall. However, it did not increase the size of the array that holds the corresponding bpf_links. This leads to an out-of-bound access on that array in the bpf_object__for_each_program loop and could corrupt other variables on the stack. On our testing QEMU, it corrupts the map1_fds array and causes the sample to fail:
./syscall_tp
prog #0: map ids 4 5
verify map:4 val: 5
map_lookup failed: Bad file descriptor
Dynamically allocate the array based on the number of programs reported by libbpf to prevent similar inconsistencies in the future.
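A model of the bug and the fix described above, as an added example that is not the kernel sample's code. The struct layout, array sizes, program names and link values are constructed assumptions chosen so the overwrite of map1_fds is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OLD_LINK_SLOTS 4 /* assumed: sized before the openat2() programs */

/* Constructed stand-in for the object's program list (names are made up). */
static const char *const progs[] = { "p0", "p1", "p2", "p3", "p4", "p5" };
#define NUM_PROGS (sizeof(progs) / sizeof(progs[0])) /* count libbpf would report */

/* Models adjacent stack variables: links[] directly followed by map1_fds[]. */
struct frame {
    uint32_t links[OLD_LINK_SLOTS]; /* stand-in for the bpf_link array */
    int32_t map1_fds[2];
};

/* Before: one store per program, never checked against OLD_LINK_SLOTS.
 * Copying into the frame's bytes keeps this model well-defined C. */
int before_fix_map_fd(void)
{
    struct frame f = { .map1_fds = { 4, 5 } };
    for (size_t i = 0; i < NUM_PROGS; i++) {
        uint32_t link = 0x1000 + (uint32_t)i;
        memcpy((unsigned char *)&f + i * sizeof(link), &link, sizeof(link));
    }
    return f.map1_fds[0]; /* 0x1004: slot 4 landed on the stored fd */
}

/* After: the array is sized from the program count, as the fix describes. */
int after_fix_map_fd(void)
{
    int32_t map1_fds[2] = { 4, 5 };
    size_t n = NUM_PROGS;
    uint32_t *links = calloc(n, sizeof(*links));
    if (!links)
        return -1;
    for (size_t i = 0; i < n; i++)
        links[i] = 0x1000 + (uint32_t)i;
    free(links);
    return map1_fds[0]; /* 4: untouched */
}

int main(void)
{
    printf("before=%d after=%d\n", before_fix_map_fd(), after_fix_map_fd());
    return 0;
}
```

In the "before" case the fd value is replaced by a link value, which matches the "Bad file descriptor" failure mode the description reports for map1_fds.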
CVE ID
Related vulnerabilities
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved: samples/bpf: syscall_tp_user: Fix array out-of-bound access. The Linux kernel CVE team has assigned CVE-2023-52793 to this issue.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.