一、 漏洞 CVE-2024-50063 基础信息
漏洞标题
bpf: 防止尾调用附加到不同挂钩的程序之间
来源:AIGC 神龙大模型
漏洞描述信息
N/A
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
来源:AIGC 神龙大模型
漏洞类别
输入验证不恰当
来源:AIGC 神龙大模型
漏洞标题
bpf: Prevent tail call between progs attached to different hooks
来源:美国国家漏洞数据库 NVD
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tail call between progs attached to different hooks bpf progs can be attached to kernel functions, and the attached functions can take different parameters or return different return values. If prog attached to one kernel function tail calls prog attached to another kernel function, the ctx access or return value verification could be bypassed. For example, if prog1 is attached to func1 which takes only 1 parameter and prog2 is attached to func2 which takes two parameters. Since verifier assumes the bpf ctx passed to prog2 is constructed based on func2's prototype, verifier allows prog2 to access the second parameter from the bpf ctx passed to it. The problem is that verifier does not prevent prog1 from passing its bpf ctx to prog2 via tail call. In this case, the bpf ctx passed to prog2 is constructed from func1 instead of func2, that is, the assumption for ctx access verification is bypassed. Another example, if BPF LSM prog1 is attached to hook file_alloc_security, and BPF LSM prog2 is attached to hook bpf_lsm_audit_rule_known. Verifier knows the return value rules for these two hooks, e.g. it is legal for bpf_lsm_audit_rule_known to return positive number 1, and it is illegal for file_alloc_security to return positive number. So verifier allows prog2 to return positive number 1, but does not allow prog1 to return positive number. The problem is that verifier does not prevent prog1 from calling prog2 via tail call. In this case, prog2's return value 1 will be used as the return value for prog1's hook file_alloc_security. That is, the return value rule is bypassed. This patch adds restriction for tail call to prevent such bypasses.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Linux kernel 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于bpf程序中对不同钩子上附加程序的尾调用问题。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2024-50063 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2024-50063 的情报信息

  • 标题: bpf: Prevent tail call between progs attached to different hooks - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    bpf: Prevent tail call between progs attached to different hooks - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: bpf: Prevent tail call between progs attached to different hooks - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    bpf: Prevent tail call between progs attached to different hooks - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: bpf: Prevent tail call between progs attached to different hooks - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    bpf: Prevent tail call between progs attached to different hooks - kernel/git/stable/linux.git - Linux kernel stable tree
  • https://nvd.nist.gov/vuln/detail/CVE-2024-50063