CVE-2024-26883

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bpf: Fix stackmap overflow check on 32-bit arches<br /> <br /> The stackmap code relies on roundup_pow_of_two() to compute the number<br /> of hash buckets, and contains an overflow check by checking if the<br /> resulting value is 0. However, on 32-bit arches, the roundup code itself<br /> can overflow by doing a 32-bit left-shift of an unsigned long value,<br /> which is undefined behaviour, so it is not guaranteed to truncate<br /> neatly. This was triggered by syzbot on the DEVMAP_HASH type, which<br /> contains the same check, copied from the hashtab code.<br /> <br /> The commit in the fixes tag actually attempted to fix this, but the fix<br /> did not account for the UB, so the fix only works on CPUs where an<br /> overflow does result in a neat truncation to zero, which is not<br /> guaranteed. Checking the value before rounding does not have this<br /> problem.