CVE-2021-47317

powerpc/bpf: Fix detecting BPF atomic instructions

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

powerpc/bpf: Fix detecting BPF atomic instructions

Commit 91c960b0056672 ("bpf: Rename BPF_XADD and prepare to encode other
atomics in .imm") converted BPF_XADD to BPF_ATOMIC and added a way to
distinguish instructions based on the immediate field. Existing JIT
implementations were updated to check for the immediate field and to
reject programs utilizing anything more than BPF_ADD (such as BPF_FETCH)
in the immediate field.

However, the check added to powerpc64 JIT did not look at the correct
BPF instruction. Due to this, such programs would be accepted and
incorrectly JIT'ed resulting in soft lockups, as seen with the atomic
bounds test. Fix this by looking at the correct immediate value.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/bpf: Corrección de la detección de instrucciones atómicas BPF. La confirmación 91c960b0056672 ("bpf: Renombrar BPF_XADD y prepararse para codificar otros átomos en .imm") convirtió BPF_XADD a BPF_ATOMIC y agregó una forma de distinguir instrucciones basadas en el campo inmediato. Las implementaciones JIT existentes se actualizaron para verificar el campo inmediato y rechazar programas que utilicen algo más que BPF_ADD (como BPF_FETCH) en el campo inmediato. Sin embargo, la verificación agregada a powerpc64 JIT no analizó la instrucción BPF correcta. Debido a esto, dichos programas serían aceptados y sometidos a JIT incorrectamente, lo que provocaría bloqueos suaves, como se ve con la prueba de límites atómicos. Solucione este problema observando el valor inmediato correcto.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-05-22 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/91c960b0056672e74627776655c926388350fa30	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7284dab07e4d51d453cc42851fae9ec4fac6ef2f	2021-07-20
https://git.kernel.org/stable/c/0d435b6d94b05dcfd836d758a63145aa566618e2	2021-07-20
https://git.kernel.org/stable/c/419ac821766cbdb9fd85872bb3f1a589df05c94c	2021-07-05

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 5.12.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 5.12.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 5.13.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 5.13.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 5.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 5.14"		en		Affected