发布时间: 2024年5月10日
修改时间: 2024年8月16日
In the Linux kernel, the following vulnerability has been resolved:bpf: Fix stackmap overflow check on 32-bit archesThe stackmap code relies on roundup_pow_of_two() to compute the numberof hash buckets, and contains an overflow check by checking if theresulting value is 0. However, on 32-bit arches, the roundup code itselfcan overflow by doing a 32-bit left-shift of an unsigned long value,which is undefined behaviour, so it is not guaranteed to truncateneatly. This was triggered by syzbot on the DEVMAP_HASH type, whichcontains the same check, copied from the hashtab code.The commit in the fixes tag actually attempted to fix this, but the fixdid not account for the UB, so the fix only works on CPUs where anoverflow does result in a neat truncation to zero, which is notguaranteed. Checking the value before rounding does not have thisproblem.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 7.8 | 7.8 |
| Attack Vector | Local | Local |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality | High | High |
| Integrity | High | High |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-1511 | kernel security update | 2024年5月10日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | kernel | Unaffected |
| KY3.4-5A | kernel | Unaffected |
| KY3.4-5A | kernel | Fixed |
| KY3.5.1 | kernel | Fixed |
| KY3.5.2 | kernel | Fixed |
