cve/published/2024/CVE-2024-53099.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 bpf: Check validity of link->type in bpf_link_show_fdinfo()

 If a newly-added link type doesn't invoke BPF_LINK_TYPE(), accessing
 bpf_link_type_strs[link->type] may result in an out-of-bounds access.

 To spot such missed invocations early in the future, checking the
 validity of link->type in bpf_link_show_fdinfo() and emitting a warning
 when such invocations are missed.

 The Linux kernel CVE team has assigned CVE-2024-53099 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 5.10.233 with commit 79f87a6ec39fb5968049a6775a528bf58b25c20a
 	Fixed in 5.15.176 with commit 24fec234d2ba9ca3c14e545ebe3fd6dcb47f074d
 	Fixed in 6.1.123 with commit 4e8074bb33d18f56af30a0252cb3606d27eb1c13
 	Fixed in 6.6.62 with commit d5092b0a1aaf35d77ebd8d33384d7930bec5cb5d
 	Fixed in 6.11.9 with commit b3eb1b6a9f745d6941b345f0fae014dc8bb06d36
 	Fixed in 6.12 with commit 8421d4c8762bd022cb491f2f0f7019ef51b4f0a7

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-53099
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	kernel/bpf/syscall.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/79f87a6ec39fb5968049a6775a528bf58b25c20a
 	https://git.kernel.org/stable/c/24fec234d2ba9ca3c14e545ebe3fd6dcb47f074d
 	https://git.kernel.org/stable/c/4e8074bb33d18f56af30a0252cb3606d27eb1c13
 	https://git.kernel.org/stable/c/d5092b0a1aaf35d77ebd8d33384d7930bec5cb5d
 	https://git.kernel.org/stable/c/b3eb1b6a9f745d6941b345f0fae014dc8bb06d36
 	https://git.kernel.org/stable/c/8421d4c8762bd022cb491f2f0f7019ef51b4f0a7
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	bpf: Check validity of link->type in bpf_link_show_fdinfo()

	If a newly-added link type doesn't invoke BPF_LINK_TYPE(), accessing
	bpf_link_type_strs[link->type] may result in an out-of-bounds access.

	To spot such missed invocations early in the future, checking the
	validity of link->type in bpf_link_show_fdinfo() and emitting a warning
	when such invocations are missed.

	The Linux kernel CVE team has assigned CVE-2024-53099 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 5.10.233 with commit 79f87a6ec39fb5968049a6775a528bf58b25c20a
	Fixed in 5.15.176 with commit 24fec234d2ba9ca3c14e545ebe3fd6dcb47f074d
	Fixed in 6.1.123 with commit 4e8074bb33d18f56af30a0252cb3606d27eb1c13
	Fixed in 6.6.62 with commit d5092b0a1aaf35d77ebd8d33384d7930bec5cb5d
	Fixed in 6.11.9 with commit b3eb1b6a9f745d6941b345f0fae014dc8bb06d36
	Fixed in 6.12 with commit 8421d4c8762bd022cb491f2f0f7019ef51b4f0a7

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-53099
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	kernel/bpf/syscall.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/79f87a6ec39fb5968049a6775a528bf58b25c20a
	https://git.kernel.org/stable/c/24fec234d2ba9ca3c14e545ebe3fd6dcb47f074d
	https://git.kernel.org/stable/c/4e8074bb33d18f56af30a0252cb3606d27eb1c13
	https://git.kernel.org/stable/c/d5092b0a1aaf35d77ebd8d33384d7930bec5cb5d
	https://git.kernel.org/stable/c/b3eb1b6a9f745d6941b345f0fae014dc8bb06d36
	https://git.kernel.org/stable/c/8421d4c8762bd022cb491f2f0f7019ef51b4f0a7