CVE-2024-53091

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx<br /> <br /> As the introduction of the support for vsock and unix sockets in sockmap,<br /> tls_sw_has_ctx_tx/rx cannot presume the socket passed in must be IS_ICSK.<br /> vsock and af_unix sockets have vsock_sock and unix_sock instead of<br /> inet_connection_sock. For these sockets, tls_get_ctx may return an invalid<br /> pointer and cause page fault in function tls_sw_ctx_rx.<br /> <br /> BUG: unable to handle page fault for address: 0000000000040030<br /> Workqueue: vsock-loopback vsock_loopback_work<br /> RIP: 0010:sk_psock_strp_data_ready+0x23/0x60<br /> Call Trace:<br /> ? __die+0x81/0xc3<br /> ? no_context+0x194/0x350<br /> ? do_page_fault+0x30/0x110<br /> ? async_page_fault+0x3e/0x50<br /> ? sk_psock_strp_data_ready+0x23/0x60<br /> virtio_transport_recv_pkt+0x750/0x800<br /> ? update_load_avg+0x7e/0x620<br /> vsock_loopback_work+0xd0/0x100<br /> process_one_work+0x1a7/0x360<br /> worker_thread+0x30/0x390<br /> ? create_worker+0x1a0/0x1a0<br /> kthread+0x112/0x130<br /> ? __kthread_cancel_work+0x40/0x40<br /> ret_from_fork+0x1f/0x40<br /> <br /> v2:<br /> - Add IS_ICSK check<br /> v3:<br /> - Update the commits in Fixes