Vulnerability Change Records for CVE-2023-52521

Change History

CVE Rejected by kernel.org 3/05/2024 6:15:07 PM

Action Type Old Value New Value

CVE Translated by kernel.org 3/05/2024 6:15:07 PM

Action Type Old Value New Value
Removed Translation
Title: Linux kernel
Description: In the Linux kernel, the following vulnerability has been resolved:

bpf: Annotate bpf_long_memcpy with data_race

syzbot reported a data race between two processes trying to update the same BPF map value via a system call on different CPUs:

  BUG: KCSAN: data-race in bpf_percpu_array_update / bpf_percpu_array_update

  write to 0xffffe8fffe7425d8 of 8 bytes by task 8257 on cpu 1:
   bpf_long_memcpy include/linux/bpf.h:428 [inline]
   bpf_obj_memcpy include/linux/bpf.h:441 [inline]
   copy_map_value_long include/linux/bpf.h:464 [inline]
   bpf_percpu_array_update+0x3bb/0x500 kernel/bpf/arraymap.c:380
   bpf_map_update_value+0x190/0x370 kernel/bpf/syscall.c:175
   generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1749
   bpf_map_do_batch+0x2df/0x3d0 kernel/bpf/syscall.c:4648
   __sys_bpf+0x28a/0x780
   __do_sys_bpf kernel/bpf/syscall.c:5241 [inline]
   __se_sys_bpf kernel/bpf/syscall.c:5239 [inline]
   __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5239
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x63/0xcd

  write to 0xffffe8fffe7425d8 of 8 bytes by task 8268 on cpu 0:
   bpf_long_memcpy include/linux/bpf.h:428 [inline]
   bpf_obj_memcpy include/linux/bpf.h:441 [inline]
   copy_map_value_long include/linux/bpf.h:464 [inline]
   bpf_percpu_array_update+0x3bb/0x500 kernel/bpf/arraymap.c:380
   bpf_map_update_value+0x190/0x370 kernel/bpf/syscall.c:175
   generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1749
   bpf_map_do_batch+0x2df/0x3d0 kernel/bpf/syscall.c:4648
   __sys_bpf+0x28a/0x780
   __do_sys_bpf kernel/bpf/syscall.c:5241 [inline]
   __se_sys_bpf kernel/bpf/syscall.c:5239 [inline]
   __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5239
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x63/0xcd

  value changed: 0x00000000000000000 -> 0xffffff000002788

The bpf_long_memcpy is used with 8-byte aligned pointers, power-of-8 size, and forced to use long reads/writes to try to atomically copy long counters. It is best-effort only and there are no barriers here, since it will race with concurrent updates from BPF programs. The bpf_long_memcpy() is called from the bpf(2) system call. Marco suggested that the best way to make this known to KCSAN would be to use the data_race() annotation.

CVE Modified by kernel.org 3/05/2024 6:15:07 PM

Action Type Old Value New Value
Changed Description
In the Linux kernel, the following vulnerability has been resolved:

bpf: Annotate bpf_long_memcpy with data_race

syzbot reported a data race splat between two processes trying to
update the same BPF map value via syscall on different CPUs:

  BUG: KCSAN: data-race in bpf_percpu_array_update / bpf_percpu_array_update

  write to 0xffffe8fffe7425d8 of 8 bytes by task 8257 on cpu 1:
   bpf_long_memcpy include/linux/bpf.h:428 [inline]
   bpf_obj_memcpy include/linux/bpf.h:441 [inline]
   copy_map_value_long include/linux/bpf.h:464 [inline]
   bpf_percpu_array_update+0x3bb/0x500 kernel/bpf/arraymap.c:380
   bpf_map_update_value+0x190/0x370 kernel/bpf/syscall.c:175
   generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1749
   bpf_map_do_batch+0x2df/0x3d0 kernel/bpf/syscall.c:4648
   __sys_bpf+0x28a/0x780
   __do_sys_bpf kernel/bpf/syscall.c:5241 [inline]
   __se_sys_bpf kernel/bpf/syscall.c:5239 [inline]
   __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5239
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x63/0xcd

  write to 0xffffe8fffe7425d8 of 8 bytes by task 8268 on cpu 0:
   bpf_long_memcpy include/linux/bpf.h:428 [inline]
   bpf_obj_memcpy include/linux/bpf.h:441 [inline]
   copy_map_value_long include/linux/bpf.h:464 [inline]
   bpf_percpu_array_update+0x3bb/0x500 kernel/bpf/arraymap.c:380
   bpf_map_update_value+0x190/0x370 kernel/bpf/syscall.c:175
   generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1749
   bpf_map_do_batch+0x2df/0x3d0 kernel/bpf/syscall.c:4648
   __sys_bpf+0x28a/0x780
   __do_sys_bpf kernel/bpf/syscall.c:5241 [inline]
   __se_sys_bpf kernel/bpf/syscall.c:5239 [inline]
   __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5239
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x63/0xcd

  value changed: 0x0000000000000000 -> 0xfffffff000002788

The bpf_long_memcpy is used with 8-byte aligned pointers, power-of-8 size
and forced to use long read/writes to try to atomically copy long counters.
It is best-effort only and no barriers are here since it _will_ race with
concurrent updates from BPF programs. The bpf_long_memcpy() is called from
bpf(2) syscall. Marco suggested that the best way to make this known to
KCSAN would be to use data_race() annotation.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Removed Reference
Linux https://git.kernel.org/stable/c/5685f8a6fae1fbe480493b980a1fdbe67c86a094

Removed Reference
Linux https://git.kernel.org/stable/c/6a86b5b5cd76d2734304a0173f5f01aa8aa2025e

Removed Reference
Linux https://git.kernel.org/stable/c/e562de67dc9196f2415f117796a2108c00ac7fc6