CVE-2023-54247
- Source
- https://cve.org/CVERecord?id=CVE-2023-54247
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54247.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-54247
- Downstream
- Published
- 2025-12-30T12:15:45.395Z
- Modified
- 2026-01-05T21:22:33.314354Z
- Summary
- bpf: Silence a warning in btf_type_id_size()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: Silence a warning in btftypeid_size()
syzbot reported a warning in [1] with the following stacktrace: WARNING: CPU: 0 PID: 5005 at kernel/bpf/btf.c:1988 btftypeidsize+0x2d9/0x9d0 kernel/bpf/btf.c:1988 ... RIP: 0010:btftypeidsize+0x2d9/0x9d0 kernel/bpf/btf.c:1988 ... Call Trace: <TASK> mapcheckbtf kernel/bpf/syscall.c:1024 [inline] mapcreate+0x1157/0x1860 kernel/bpf/syscall.c:1198 _sysbpf+0x127f/0x5420 kernel/bpf/syscall.c:5040 _dosysbpf kernel/bpf/syscall.c:5162 [inline] _sesysbpf kernel/bpf/syscall.c:5160 [inline] _x64sysbpf+0x79/0xc0 kernel/bpf/syscall.c:5160 dosyscallx64 arch/x86/entry/common.c:50 [inline] dosyscall64+0x39/0xb0 arch/x86/entry/common.c:80 entrySYSCALL64afterhwframe+0x63/0xcd
With the following btf [1] DECLTAG 'a' typeid=4 componentidx=-1 [2] PTR '(anon)' typeid=0 [3] TYPETAG 'a' typeid=2 [4] VAR 'a' typeid=3, linkage=static and when the bpfattr.btfkeytypeid = 1 (DECLTAG), the following WARNONONCE in btftypeidsize() is triggered: if (WARNONONCE(!btftypeismodifier(sizetype) && !btftypeisvar(size_type))) return NULL;
Note that 'return NULL' is the correct behavior as we don't want a DECLTAG type to be used as a btf{key,value}typeid even for the case like 'DECL_TAG -> STRUCT'. So there is no correctness issue here, we just want to silence warning.
To silence the warning, I added DECLTAG as one of kinds in btftypenosize() which will cause btftypeidsize() returning NULL earlier without the warning.
[1] https://lore.kernel.org/bpf/000000000000e0df8d05fc75ba86@google.com/
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54247.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/61f4bd46a03a81865aca3bcbad2f7b7032fb3160
- https://git.kernel.org/stable/c/7c4f5ab63e7962812505cbd38cc765168a223acb
- https://git.kernel.org/stable/c/e6c2f594ed961273479505b42040782820190305
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54247.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-54247
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb5ea834dde6b6e7f75e51d5f66dac8cd7c97b5efFixed61f4bd46a03a81865aca3bcbad2f7b7032fb3160Fixed7c4f5ab63e7962812505cbd38cc765168a223acbFixede6c2f594ed961273479505b42040782820190305