Title: kernel de Linux
Description:  En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: samples/bpf: syscall_tp_user: corrige el acceso fuera de los límites de la matriz. Commit 06744f24696e ("samples/bpf: agrega openat2() entrada/salida del punto de seguimiento a la muestra syscall_tp") agregó dos más Programas eBPF para soportar la llamada al sistema openat2(). Sin embargo, no aumentó el tamaño de la matriz que contiene los bpf_links correspondientes. Esto conduce a un acceso fuera de los límites a esa matriz en el bucle bpf_object__for_each_program y podría dañar otras variables en la pila. En nuestra prueba QEMU, corrompe la matriz map1_fds y hace que la muestra falle: # ./syscall_tp prog #0: map ids 4 5 verificar map:4 val: 5 map_lookup falló: descriptor de archivo incorrecto Asigne dinámicamente la matriz según el número de programas reportados por libbpf para evitar inconsistencias similares en el futuro

In the Linux kernel, the following vulnerability has been resolved:

samples/bpf: syscall_tp_user: Fix array out-of-bound access

Commit 06744f24696e ("samples/bpf: Add openat2() enter/exit tracepoint
to syscall_tp sample") added two more eBPF programs to support the
openat2() syscall. However, it did not increase the size of the array
that holds the corresponding bpf_links. This leads to an out-of-bound
access on that array in the bpf_object__for_each_program loop and could
corrupt other variables on the stack. On our testing QEMU, it corrupts
the map1_fds array and causes the sample to fail:

  # ./syscall_tp
  prog #0: map ids 4 5
  verify map:4 val: 5
  map_lookup failed: Bad file descriptor

Dynamically allocate the array based on the number of programs reported
by libbpf to prevent similar inconsistencies in the future

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

kernel.org https://git.kernel.org/stable/c/61576b7a0f28f924da06bead92a39a6d9aa2404a

kernel.org https://git.kernel.org/stable/c/9220c3ef6fefbf18f24aeedb1142a642b3de0596

kernel.org https://git.kernel.org/stable/c/de4825a444560f8cb78b03dda3ba873fab88bc4f

In the Linux kernel, the following vulnerability has been resolved:

samples/bpf: syscall_tp_user: Fix array out-of-bound access

Commit 06744f24696e ("samples/bpf: Add openat2() enter/exit tracepoint
to syscall_tp sample") added two more eBPF programs to support the
openat2() syscall. However, it did not increase the size of the array
that holds the corresponding bpf_links. This leads to an out-of-bound
access on that array in the bpf_object__for_each_program loop and could
corrupt other variables on the stack. On our testing QEMU, it corrupts
the map1_fds array and causes the sample to fail:

  # ./syscall_tp
  prog #0: map ids 4 5
  verify map:4 val: 5
  map_lookup failed: Bad file descriptor

Dynamically allocate the array based on the number of programs reported
by libbpf to prevent similar inconsistencies in the future

kernel.org https://git.kernel.org/stable/c/61576b7a0f28f924da06bead92a39a6d9aa2404a [No types assigned]

kernel.org https://git.kernel.org/stable/c/9220c3ef6fefbf18f24aeedb1142a642b3de0596 [No types assigned]

kernel.org https://git.kernel.org/stable/c/de4825a444560f8cb78b03dda3ba873fab88bc4f [No types assigned]