CVE-2023-54181

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bpf: Fix issue in verifying allow_ptr_leaks<br /> <br /> After we converted the capabilities of our networking-bpf program from<br /> cap_sys_admin to cap_net_admin+cap_bpf, our networking-bpf program<br /> failed to start. Because it failed the bpf verifier, and the error log<br /> is "R3 pointer comparison prohibited".<br /> <br /> A simple reproducer as follows,<br /> <br /> SEC("cls-ingress")<br /> int ingress(struct __sk_buff *skb)<br /> {<br /> struct iphdr *iph = (void *)(long)skb-&gt;data + sizeof(struct ethhdr);<br /> <br /> if ((long)(iph + 1) &gt; (long)skb-&gt;data_end)<br /> return TC_ACT_STOLEN;<br /> return TC_ACT_OK;<br /> }<br /> <br /> Per discussion with Yonghong and Alexei [1], comparison of two packet<br /> pointers is not a pointer leak. This patch fixes it.<br /> <br /> Our local kernel is 6.1.y and we expect this fix to be backported to<br /> 6.1.y, so stable is CCed.<br /> <br /> [1]. https://lore.kernel.org/bpf/CAADnVQ+Nmspr7Si+pxWn8zkE7hX-7s93ugwC+94aXSy4uQ9vBg@mail.gmail.com/