In the Linux kernel, the following vulnerability has been resolved:
bpf: check changes_pkt_data property for extension programs
When processing calls to global sub-programs, the verifier decides whether to invalidate all packet pointers in the current state depending on the changes_pkt_data property of the global sub-program.
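Because of this, an extension program replacing a global sub-program must be compatible with the changes_pkt_data property of the sub-program being replaced. Otherwise a caller that was verified against a sub-program which does not change packet data would keep packet pointers that the verifier never invalidated, even though the replacement may change packet data.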
This commit:
- adds changes_pkt_data flag to struct bpf_prog_aux:
  - this flag is set in check_cfg() for main sub-program;
  - in jit_subprogs() for other sub-programs;
- modifies bpf_check_attach_btf_id() to check changes_pkt_data flag;
- moves call to check_attach_btf_id() after the call to check_cfg(), because it needs changes_pkt_data flag to be set:
    bpf_check:
      ...                             ...
    - check_attach_btf_id             resolve_pseudo_ldimm64
      resolve_pseudo_ldimm64   -->    bpf_prog_is_offloaded
      bpf_prog_is_offloaded           check_cfg
      check_cfg                     + check_attach_btf_id
      ...                             ...
The following fields are set by check_attach_btf_id():
- env->ops
- prog->aux->attach_btf_trace
- prog->aux->attach_func_name
- prog->aux->attach_func_proto
- prog->aux->dst_trampoline
- prog->aux->mod
- prog->aux->saved_dst_attach_type
- prog->aux->saved_dst_prog_type
- prog->expected_attach_type
None of these fields is used by resolve_pseudo_ldimm64() or bpf_prog_offload_verifier_prep() (for netronome and netdevsim drivers), so the reordering is safe.
[
{
"digest": {
"length": 1716.0,
"function_hash": "45248079683813167683402731335303420018"
},
"target": {
"function": "check_cfg",
"file": "kernel/bpf/verifier.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3846e2bea565ee1c5195dcc625fda9868fb0e3b3",
"deprecated": false,
"id": "CVE-2024-58100-41c76565",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"35970877762275823247634563093080299915",
"321250011878695199423743023972984143866",
"63635655036853331451134063333519121879",
"179777494650828055263048040156638334399",
"285216844459133345077523019774730181842",
"277650605827562036756948829492393980297",
"143853112599752689093785120137915889638",
"34295479178391859299387090279360193302",
"54629837662157944231707046465920815129",
"216234220496306043183738447302527957434",
"153626650715511654168291738996583787511",
"22359791382877838453573097560911981018",
"181611752421546477690388214070961412658",
"173135805961278273869526270161191611653",
"175628496659423013417128615760212386795",
"300219997863142139051469886691993508019",
"286977607496440593145568941785803253559",
"35631201565041747628469519962431540932",
"316891287721919472649219735558806332830",
"42829002810728402985247796234478018132",
"97618688293600528882199532368690664818"
],
"threshold": 0.9
},
"target": {
"file": "kernel/bpf/verifier.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7197fc4acdf238ec8ad06de5a8235df0c1f9c7d7",
"deprecated": false,
"id": "CVE-2024-58100-43387718",
"signature_type": "Line"
},
{
"digest": {
"length": 4836.0,
"function_hash": "168932840598201656654753221222546025521"
},
"target": {
"function": "bpf_check",
"file": "kernel/bpf/verifier.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7197fc4acdf238ec8ad06de5a8235df0c1f9c7d7",
"deprecated": false,
"id": "CVE-2024-58100-47cdcd38",
"signature_type": "Function"
},
{
"digest": {
"length": 1446.0,
"function_hash": "127199084367089093380152276338328940901"
},
"target": {
"function": "check_cfg",
"file": "kernel/bpf/verifier.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7197fc4acdf238ec8ad06de5a8235df0c1f9c7d7",
"deprecated": false,
"id": "CVE-2024-58100-4bfd4b2e",
"signature_type": "Function"
},
{
"digest": {
"length": 6584.0,
"function_hash": "119972775012037364729726692569419230639"
},
"target": {
"function": "jit_subprogs",
"file": "kernel/bpf/verifier.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81f6d0530ba031b5f038a091619bf2ff29568852",
"deprecated": false,
"id": "CVE-2024-58100-4e532d94",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"236047085349228493091020174318073438801",
"244497304677051448533646891040590649237",
"269345688339116238162133079683041899729",
"130280788633256563964102874146540851574"
],
"threshold": 0.9
},
"target": {
"file": "include/linux/bpf.h"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81f6d0530ba031b5f038a091619bf2ff29568852",
"deprecated": false,
"id": "CVE-2024-58100-5a155e4f",
"signature_type": "Line"
},
{
"digest": {
"length": 5278.0,
"function_hash": "332640433257794334518370502031690261"
},
"target": {
"function": "bpf_check",
"file": "kernel/bpf/verifier.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3846e2bea565ee1c5195dcc625fda9868fb0e3b3",
"deprecated": false,
"id": "CVE-2024-58100-61e59078",
"signature_type": "Function"
},
{
"digest": {
"length": 5384.0,
"function_hash": "277365086799560356516999051529606533328"
},
"target": {
"function": "bpf_check_attach_target",
"file": "kernel/bpf/verifier.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7197fc4acdf238ec8ad06de5a8235df0c1f9c7d7",
"deprecated": false,
"id": "CVE-2024-58100-6832d0b4",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"35970877762275823247634563093080299915",
"321250011878695199423743023972984143866",
"63635655036853331451134063333519121879",
"179777494650828055263048040156638334399",
"160485654134991996091019078155910637701",
"310324115956895663977077160968988548977",
"214494118131722898333241832740280064815",
"8544518923282586530094853782346268451",
"54629837662157944231707046465920815129",
"216234220496306043183738447302527957434",
"153626650715511654168291738996583787511",
"22359791382877838453573097560911981018",
"181611752421546477690388214070961412658",
"173135805961278273869526270161191611653",
"175628496659423013417128615760212386795",
"300219997863142139051469886691993508019",
"286977607496440593145568941785803253559",
"35631201565041747628469519962431540932",
"106225529814571089588465243690990541781",
"294110401003099782249439180609801879880",
"169754746613672504605400729089813271162"
],
"threshold": 0.9
},
"target": {
"file": "kernel/bpf/verifier.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3846e2bea565ee1c5195dcc625fda9868fb0e3b3",
"deprecated": false,
"id": "CVE-2024-58100-6b3fa024",
"signature_type": "Line"
},
{
"digest": {
"line_hashes": [
"35970877762275823247634563093080299915",
"321250011878695199423743023972984143866",
"63635655036853331451134063333519121879",
"179777494650828055263048040156638334399",
"160485654134991996091019078155910637701",
"310324115956895663977077160968988548977",
"214494118131722898333241832740280064815",
"8544518923282586530094853782346268451",
"54629837662157944231707046465920815129",
"216234220496306043183738447302527957434",
"153626650715511654168291738996583787511",
"22359791382877838453573097560911981018",
"181611752421546477690388214070961412658",
"173135805961278273869526270161191611653",
"175628496659423013417128615760212386795",
"300219997863142139051469886691993508019",
"286977607496440593145568941785803253559",
"35631201565041747628469519962431540932",
"106225529814571089588465243690990541781",
"294110401003099782249439180609801879880",
"169754746613672504605400729089813271162"
],
"threshold": 0.9
},
"target": {
"file": "kernel/bpf/verifier.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81f6d0530ba031b5f038a091619bf2ff29568852",
"deprecated": false,
"id": "CVE-2024-58100-8f4728d4",
"signature_type": "Line"
},
{
"digest": {
"line_hashes": [
"104478269449798564556317037393612832815",
"102038434344220537938192745428483950271",
"238951251659077581387561551903842572699",
"272621567939990454645871832076944578637"
],
"threshold": 0.9
},
"target": {
"file": "include/linux/bpf.h"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7197fc4acdf238ec8ad06de5a8235df0c1f9c7d7",
"deprecated": false,
"id": "CVE-2024-58100-a7011c01",
"signature_type": "Line"
},
{
"digest": {
"length": 6262.0,
"function_hash": "325563950865048156121390268218299700112"
},
"target": {
"function": "bpf_check_attach_target",
"file": "kernel/bpf/verifier.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3846e2bea565ee1c5195dcc625fda9868fb0e3b3",
"deprecated": false,
"id": "CVE-2024-58100-a741b488",
"signature_type": "Function"
},
{
"digest": {
"length": 6455.0,
"function_hash": "118453115075096908019755065932367140441"
},
"target": {
"function": "jit_subprogs",
"file": "kernel/bpf/verifier.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3846e2bea565ee1c5195dcc625fda9868fb0e3b3",
"deprecated": false,
"id": "CVE-2024-58100-b19654ea",
"signature_type": "Function"
},
{
"digest": {
"length": 6262.0,
"function_hash": "325563950865048156121390268218299700112"
},
"target": {
"function": "bpf_check_attach_target",
"file": "kernel/bpf/verifier.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81f6d0530ba031b5f038a091619bf2ff29568852",
"deprecated": false,
"id": "CVE-2024-58100-d381e60c",
"signature_type": "Function"
},
{
"digest": {
"length": 1716.0,
"function_hash": "45248079683813167683402731335303420018"
},
"target": {
"function": "check_cfg",
"file": "kernel/bpf/verifier.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81f6d0530ba031b5f038a091619bf2ff29568852",
"deprecated": false,
"id": "CVE-2024-58100-dc8f95d8",
"signature_type": "Function"
},
{
"digest": {
"length": 5315.0,
"function_hash": "273930947194397579934551655390150225972"
},
"target": {
"function": "jit_subprogs",
"file": "kernel/bpf/verifier.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7197fc4acdf238ec8ad06de5a8235df0c1f9c7d7",
"deprecated": false,
"id": "CVE-2024-58100-f50feae3",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"217234297446525168054228440574315972912",
"40015323134520679684627680783315654359",
"272669520972311391395230082744454458131",
"232577004427639979846806427632612280406"
],
"threshold": 0.9
},
"target": {
"file": "include/linux/bpf.h"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3846e2bea565ee1c5195dcc625fda9868fb0e3b3",
"deprecated": false,
"id": "CVE-2024-58100-f69c4ab5",
"signature_type": "Line"
},
{
"digest": {
"length": 5310.0,
"function_hash": "333782856925335869455888520300981299913"
},
"target": {
"function": "bpf_check",
"file": "kernel/bpf/verifier.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81f6d0530ba031b5f038a091619bf2ff29568852",
"deprecated": false,
"id": "CVE-2024-58100-fbf87cad",
"signature_type": "Function"
}
]