CVE-2024-58237

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-58237
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58237.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-58237
Published
2025-05-05T15:15:54Z
Modified
2025-08-09T19:01:27Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: consider that tail calls invalidate packet pointers

Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each tail call invalidates packet pointers.

Making the change in bpf_helper_changes_pkt_data() automatically makes use of check_cfg() logic that computes 'changes_pkt_data' effect for global sub-programs, such that the following program could be rejected:

int tail_call(struct __sk_buff *sk)
{
    bpf_tail_call_static(sk, &jmp_table, 0);
    return 0;
}

SEC("tc")
int not_safe(struct __sk_buff *sk)
{
    int *p = (void *)(long)sk->data;
    ... make p valid ...
    tail_call(sk);
    *p = 42; /* this is unsafe */
    ...
}

The tc_bpf2bpf.c:subprog_tc() needs change: mark it as a function that can invalidate packet pointers. Otherwise, it can't be freplaced with tailcall_freplace.c:entry_freplace() that does a tail call.
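As an added illustration (not kernel code and not part of the CVE record), the C sketch below models how the packet-data effect of a tail call propagates from a sub-program to its caller, and why the dereference in not_safe() is rejected once tail calls count as invalidating. The struct layout, the three-op encoding of a function body and the fixed-point loop are assumptions made for this model; the kernel's check_cfg() works on real BPF instructions.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model of the effect tracking described above; not kernel code. */
struct subprog {
    bool pkt_changing_helper; /* body calls a helper that invalidates packet pointers */
    bool tail_call;           /* body contains a tail call */
    int callees[4];           /* indices of called subprograms, -1 terminated */
    bool changes_pkt_data;    /* filled in by compute_effects() */
};

/* Seed from each body, then propagate callee -> caller to a fixed point.
 * tail_calls_invalidate = false models the rule before the fix. */
static void compute_effects(struct subprog *sp, size_t n, bool tail_calls_invalidate)
{
    for (size_t i = 0; i < n; i++)
        sp[i].changes_pkt_data = sp[i].pkt_changing_helper ||
                                 (tail_calls_invalidate && sp[i].tail_call);
    for (bool changed = true; changed;) {
        changed = false;
        for (size_t i = 0; i < n; i++)
            for (int k = 0; k < 4 && sp[i].callees[k] >= 0; k++)
                if (sp[sp[i].callees[k]].changes_pkt_data && !sp[i].changes_pkt_data)
                    sp[i].changes_pkt_data = changed = true;
    }
}

enum op_kind { OP_BOUNDS_CHECK, OP_CALL, OP_DEREF };
struct op { enum op_kind kind; int callee; };

/* Walk a caller body; return the index of the first rejected op, or -1. */
static int verify_body(const struct op *ops, size_t n_ops, const struct subprog *sp)
{
    bool pkt_ptr_valid = false;
    for (size_t i = 0; i < n_ops; i++) {
        if (ops[i].kind == OP_BOUNDS_CHECK)
            pkt_ptr_valid = true;
        else if (ops[i].kind == OP_CALL && sp[ops[i].callee].changes_pkt_data)
            pkt_ptr_valid = false; /* packet pointers held by the caller are stale */
        else if (ops[i].kind == OP_DEREF && !pkt_ptr_valid)
            return (int)i;
    }
    return -1;
}

/* Constructed sample: [0] models tail_call(), [1] models not_safe(). */
static struct subprog progs[2] = { { false, true, { -1 }, false },
                                   { false, false, { 0, -1 }, false } };
static const struct op not_safe_body[] = { {OP_BOUNDS_CHECK, -1}, {OP_CALL, 0}, {OP_DEREF, -1} };
static const struct op reloaded_body[] = { {OP_BOUNDS_CHECK, -1}, {OP_CALL, 0},
                                           {OP_BOUNDS_CHECK, -1}, {OP_DEREF, -1} };
```

In the model, reloaded_body is the form that stays acceptable after the fix: the packet pointer is derived and bounds-checked again after the call that may tail-call.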
