1.5 KiB
CVE-2024-45020
Description
In the Linux kernel, the following vulnerability has been resolved:bpf: Fix a kernel verifier crash in stacksafe()Daniel Hodges reported a kernel verifier crash when playing with sched-ext.Further investigation shows that the crash is due to invalid memory accessin stacksafe(). More specifically, it is the following code: if (exact != NOT_EXACT && old->stack[spi].slot_type[i % BPF_REG_SIZE] != cur->stack[spi].slot_type[i % BPF_REG_SIZE]) return false;The 'i' iterates old->allocated_stack.If cur->allocated_stack < old->allocated_stack the out-of-boundaccess will happen.To fix the issue add 'i >= cur->allocated_stack' check such that ifthe condition is true, stacksafe() should fail. Otherwise,cur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.
POC
Reference
No PoCs from references.