CVE-2023-54173

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bpf: Disable preemption in bpf_event_output<br /> <br /> We received report [1] of kernel crash, which is caused by<br /> using nesting protection without disabled preemption.<br /> <br /> The bpf_event_output can be called by programs executed by<br /> bpf_prog_run_array_cg function that disabled migration but<br /> keeps preemption enabled.<br /> <br /> This can cause task to be preempted by another one inside the<br /> nesting protection and lead eventually to two tasks using same<br /> perf_sample_data buffer and cause crashes like:<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000001<br /> #PF: supervisor instruction fetch in kernel mode<br /> #PF: error_code(0x0010) - not-present page<br /> ...<br /> ? perf_output_sample+0x12a/0x9a0<br /> ? finish_task_switch.isra.0+0x81/0x280<br /> ? perf_event_output+0x66/0xa0<br /> ? bpf_event_output+0x13a/0x190<br /> ? bpf_event_output_data+0x22/0x40<br /> ? bpf_prog_dfc84bbde731b257_cil_sock4_connect+0x40a/0xacb<br /> ? xa_load+0x87/0xe0<br /> ? __cgroup_bpf_run_filter_sock_addr+0xc1/0x1a0<br /> ? release_sock+0x3e/0x90<br /> ? sk_setsockopt+0x1a1/0x12f0<br /> ? udp_pre_connect+0x36/0x50<br /> ? inet_dgram_connect+0x93/0xa0<br /> ? __sys_connect+0xb4/0xe0<br /> ? udp_setsockopt+0x27/0x40<br /> ? __pfx_udp_push_pending_frames+0x10/0x10<br /> ? __sys_setsockopt+0xdf/0x1a0<br /> ? __x64_sys_connect+0xf/0x20<br /> ? do_syscall_64+0x3a/0x90<br /> ? entry_SYSCALL_64_after_hwframe+0x72/0xdc<br /> <br /> Fixing this by disabling preemption in bpf_event_output.<br /> <br /> [1] https://github.com/cilium/cilium/issues/26756