cve/published/2024/CVE-2024-40908.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-40908: bpf: Set run context for rawtp test_run callback

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 bpf: Set run context for rawtp test_run callback

 syzbot reported crash when rawtp program executed through the
 test_run interface calls bpf_get_attach_cookie helper or any
 other helper that touches task->bpf_ctx pointer.

 Setting the run context (task->bpf_ctx pointer) for test_run
 callback.

 The Linux kernel CVE team has assigned CVE-2024-40908 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.15 with commit 7adfc6c9b315e174cf8743b21b7b691c8766791b and fixed in 5.15.162 with commit 789bd77c9342aa6125003871ae5c6034d0f6f9d2
 	Issue introduced in 5.15 with commit 7adfc6c9b315e174cf8743b21b7b691c8766791b and fixed in 6.1.95 with commit 3708b6c2546c9eb34aead8a34a17e8ae69004e4d
 	Issue introduced in 5.15 with commit 7adfc6c9b315e174cf8743b21b7b691c8766791b and fixed in 6.6.35 with commit d387805d4b4a46ee01e3dae133c81b6d80195e5b
 	Issue introduced in 5.15 with commit 7adfc6c9b315e174cf8743b21b7b691c8766791b and fixed in 6.9.6 with commit ae0ba0ab7475a129ef7d449966edf677367efeb4
 	Issue introduced in 5.15 with commit 7adfc6c9b315e174cf8743b21b7b691c8766791b and fixed in 6.10 with commit d0d1df8ba18abc57f28fb3bc053b2bf319367f2c

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-40908
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	net/bpf/test_run.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/789bd77c9342aa6125003871ae5c6034d0f6f9d2
 	https://git.kernel.org/stable/c/3708b6c2546c9eb34aead8a34a17e8ae69004e4d
 	https://git.kernel.org/stable/c/d387805d4b4a46ee01e3dae133c81b6d80195e5b
 	https://git.kernel.org/stable/c/ae0ba0ab7475a129ef7d449966edf677367efeb4
 	https://git.kernel.org/stable/c/d0d1df8ba18abc57f28fb3bc053b2bf319367f2c
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-40908: bpf: Set run context for rawtp test_run callback

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	bpf: Set run context for rawtp test_run callback

	syzbot reported crash when rawtp program executed through the
	test_run interface calls bpf_get_attach_cookie helper or any
	other helper that touches task->bpf_ctx pointer.

	Setting the run context (task->bpf_ctx pointer) for test_run
	callback.

	The Linux kernel CVE team has assigned CVE-2024-40908 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.15 with commit 7adfc6c9b315e174cf8743b21b7b691c8766791b and fixed in 5.15.162 with commit 789bd77c9342aa6125003871ae5c6034d0f6f9d2
	Issue introduced in 5.15 with commit 7adfc6c9b315e174cf8743b21b7b691c8766791b and fixed in 6.1.95 with commit 3708b6c2546c9eb34aead8a34a17e8ae69004e4d
	Issue introduced in 5.15 with commit 7adfc6c9b315e174cf8743b21b7b691c8766791b and fixed in 6.6.35 with commit d387805d4b4a46ee01e3dae133c81b6d80195e5b
	Issue introduced in 5.15 with commit 7adfc6c9b315e174cf8743b21b7b691c8766791b and fixed in 6.9.6 with commit ae0ba0ab7475a129ef7d449966edf677367efeb4
	Issue introduced in 5.15 with commit 7adfc6c9b315e174cf8743b21b7b691c8766791b and fixed in 6.10 with commit d0d1df8ba18abc57f28fb3bc053b2bf319367f2c

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-40908
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	net/bpf/test_run.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/789bd77c9342aa6125003871ae5c6034d0f6f9d2
	https://git.kernel.org/stable/c/3708b6c2546c9eb34aead8a34a17e8ae69004e4d
	https://git.kernel.org/stable/c/d387805d4b4a46ee01e3dae133c81b6d80195e5b
	https://git.kernel.org/stable/c/ae0ba0ab7475a129ef7d449966edf677367efeb4
	https://git.kernel.org/stable/c/d0d1df8ba18abc57f28fb3bc053b2bf319367f2c