CVE-2024-45020

Severity CVSS v4.0: Pending analysis
Type: CWE-787 Out-of-bounds Write
Publication date: 11/09/2024
Last modified: 13/09/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix a kernel verifier crash in stacksafe()

Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksafe(). More specifically, it is the following code:

    if (exact != NOT_EXACT &&
        old->stack[spi].slot_type[i % BPF_REG_SIZE] !=
        cur->stack[spi].slot_type[i % BPF_REG_SIZE])
            return false;

The 'i' iterates old->allocated_stack. If cur->allocated_stack < old->allocated_stack the out-of-bound access will happen.

To fix the issue add 'i >= cur->allocated_stack' check such that if the condition is true, stacksafe() should fail. Otherwise, cur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.
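A simplified user-space model of the comparison loop described above, with the bounds check in place. This is an added example, not the kernel's code: the struct layout and the names `stack_slot`, `func_state`, `make_state` and `slot_types_match_exact` are assumptions made for illustration, and the sample states are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BPF_REG_SIZE 8 /* bytes per stack slot */

/* Simplified stand-ins for the verifier's state (assumed layout, not kernel code). */
struct stack_slot { uint8_t slot_type[BPF_REG_SIZE]; };
struct func_state {
    int allocated_stack;       /* bytes */
    struct stack_slot *stack;  /* allocated_stack / BPF_REG_SIZE slots */
};

/* Constructed state: `bytes` (positive multiple of BPF_REG_SIZE), every byte `type`. */
static struct func_state make_state(int bytes, uint8_t type)
{
    struct func_state s = { bytes, NULL };
    s.stack = calloc((size_t)bytes / BPF_REG_SIZE, sizeof(*s.stack));
    if (!s.stack)
        abort();
    for (int i = 0; i < bytes; i++)
        s.stack[i / BPF_REG_SIZE].slot_type[i % BPF_REG_SIZE] = type;
    return s;
}

/* Exact slot-type comparison; 'i' iterates old->allocated_stack as in stacksafe(). */
static bool slot_types_match_exact(const struct func_state *old,
                                   const struct func_state *cur)
{
    for (int i = 0; i < old->allocated_stack; i++) {
        int spi = i / BPF_REG_SIZE;
        /* Bounds check first: when cur has less stack than old, fail
         * before cur->stack[spi] is indexed past its last slot. */
        if (i >= cur->allocated_stack ||
            old->stack[spi].slot_type[i % BPF_REG_SIZE] !=
            cur->stack[spi].slot_type[i % BPF_REG_SIZE])
            return false;
    }
    return true;
}

int main(void)
{
    struct func_state old = make_state(32, 1), cur = make_state(16, 1);
    printf("cur shorter than old: %d\n", slot_types_match_exact(&old, &cur));
    printf("cur equal to old:     %d\n", slot_types_match_exact(&old, &old));
    free(old.stack); free(cur.stack);
    return 0;
}
```

Removing the `i >= cur->allocated_stack` term reproduces the invalid access in this model, which a build with `-fsanitize=address` reports on the first case.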

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6.15 (including) | 6.6.48 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.10.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:* | | |