CVE-2024-58237
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-58237
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58237.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-58237
- Downstream
- Related
- Published
- 2025-05-05T15:15:54Z
- Modified
- 2025-08-09T19:01:27Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: consider that tail calls invalidate packet pointers
Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each tail call invalidates packet pointers.
Making the change in bpfhelperchangespktdata() automatically makes use of checkcfg() logic that computes 'changespkt_data' effect for global sub-programs, such that the following program could be rejected:
int tail_call(struct __sk_buff *sk) { bpf_tail_call_static(sk, &jmp_table, 0); return 0; } SEC("tc") int not_safe(struct __sk_buff *sk) { int *p = (void *)(long)sk->data; ... make p valid ... tail_call(sk); *p = 42; /* this is unsafe */ ... }The tcbpf2bpf.c:subprogtc() needs change: mark it as a function that can invalidate packet pointers. Otherwise, it can't be freplaced with tailcallfreplace.c:entryfreplace() that does a tail call.
- References