CVE-2023-54181
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 30/12/2025
Last modified: 30/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix issue in verifying allow_ptr_leaks

After we converted the capabilities of our networking-bpf program from
cap_sys_admin to cap_net_admin+cap_bpf, our networking-bpf program
failed to start because it failed the bpf verifier, and the error log
is "R3 pointer comparison prohibited".

A simple reproducer is as follows:

    SEC("cls-ingress")
    int ingress(struct __sk_buff *skb)
    {
        struct iphdr *iph = (void *)(long)skb->data + sizeof(struct ethhdr);

        if ((long)(iph + 1) > (long)skb->data_end)
            return TC_ACT_STOLEN;
        return TC_ACT_OK;
    }

Per discussion with Yonghong and Alexei [1], comparison of two packet
pointers is not a pointer leak. This patch fixes it.

Our local kernel is 6.1.y and we expect this fix to be backported to
6.1.y, so stable is CCed.

[1]. https://lore.kernel.org/bpf/CAADnVQ+Nmspr7Si+pxWn8zkE7hX-7s93ugwC+94aXSy4uQ9vBg@mail.gmail.com/



