{ "threat_severity" : "Low", "public_date" : "2024-03-26T00:00:00Z", "bugzilla" : { "description" : "kernel: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers", "id" : "2271690", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2271690" }, "cvss3" : { "cvss3_base_score" : "4.4", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-413", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nbpf: Check rcu_read_lock_trace_held() before calling bpf map helpers\nThese three bpf_map_{lookup,update,delete}_elem() helpers are also\navailable for sleepable bpf program, so add the corresponding lock\nassertion for sleepable bpf program, otherwise the following warning\nwill be reported when a sleepable bpf program manipulates bpf map under\ninterpreter mode (aka bpf_jit_enable=0):\nWARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 ......\nCPU: 3 PID: 4985 Comm: test_progs Not tainted 6.6.0+ #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......\nRIP: 0010:bpf_map_lookup_elem+0x54/0x60\n......\nCall Trace:\n\n? __warn+0xa5/0x240\n? bpf_map_lookup_elem+0x54/0x60\n? report_bug+0x1ba/0x1f0\n? handle_bug+0x40/0x80\n? exc_invalid_op+0x18/0x50\n? asm_exc_invalid_op+0x1b/0x20\n? __pfx_bpf_map_lookup_elem+0x10/0x10\n? rcu_lockdep_current_cpu_online+0x65/0xb0\n? rcu_is_watching+0x23/0x50\n? bpf_map_lookup_elem+0x54/0x60\n? __pfx_bpf_map_lookup_elem+0x10/0x10\n___bpf_prog_run+0x513/0x3b70\n__bpf_prog_run32+0x9d/0xd0\n? __bpf_prog_enter_sleepable_recur+0xad/0x120\n? __bpf_prog_enter_sleepable_recur+0x3e/0x120\nbpf_trampoline_6442580665+0x4d/0x1000\n__x64_sys_getpgid+0x5/0x30\n? do_syscall_64+0x36/0xb0\nentry_SYSCALL_64_after_hwframe+0x6e/0x76\n" ], "statement" : "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-52621\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52621\nhttps://lore.kernel.org/linux-cve-announce/20240326171931.1354035-4-lee@kernel.org/T" ], "name" : "CVE-2023-52621", "csaw" : false }