A new vulnerability has been identified and assigned the identifier CVE-2023-52446 in the Linux kernel. This vulnerability exists in the bpf component and causes a race condition between btf_put() and map_free() functions, which can potentially lead to further security issues.

Details of the vulnerability

bpf (BPF) is the Linux kernel subsystem that provides efficient and flexible packet filtering, among other functionality. Part of that functionality is handling and freeing BPF maps once the kernel no longer needs them. In certain cases there is a race condition between the functions btf_put() and map_free() that can lead to a use-after-free, which can ultimately cause security issues on affected systems.

This issue was discovered when running ./test_progs -j on a Linux virtual machine with the latest kernel. The KASAN (Kernel Address Sanitizer) report produced during that run pinpoints the location of the issue: the use-after-free occurs in bpf_rb_root_free+0x1f8/0x2b0.

The root cause was traced back to the code in that function. Specifically, the problematic section initializes a pointer and then, through KASAN's instrumented check, reads the memory at that pointer's address; because that memory has already been freed, the read is reported as a use-after-free.
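The following is an added illustration, not the kernel's code and not the upstream patch: a minimal C model of the teardown-ordering problem described above. A map holds a reference to a BTF object, and the map's free routine still needs that BTF to interpret the map's fields. If the BTF reference is dropped (btf_put()) before map_free() runs and the reference count reaches zero, map_free() touches freed memory, which is what KASAN reports. The model collapses the race into a deterministic ordering and records "freed" with a flag instead of really freeing memory, so it runs safely; the struct layouts and the functions teardown_buggy() and teardown_fixed() are hypothetical names chosen for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a BTF object: a reference count plus an "alive"
 * flag that stands in for whether the memory is still allocated. */
struct btf {
    int refcount;
    int alive;            /* 1 while allocated, 0 after the modelled free */
};

/* Hypothetical model of a BPF map that keeps a reference to its BTF. */
struct bpf_map {
    struct btf *btf;
    int fields_freed;
};

/* Model of btf_put(): drop one reference; release the object at zero.
 * The real kernel would free the memory here; we only flip the flag. */
static void btf_put(struct btf *btf)
{
    if (--btf->refcount == 0)
        btf->alive = 0;
}

/* Model of map_free(): freeing the map's fields requires the BTF that
 * describes them. Returns 0 on success, or -1 when it would have read
 * BTF memory that is already gone (the condition KASAN reports as a
 * use-after-free in the real kernel). */
static int map_free(struct bpf_map *map)
{
    if (!map->btf->alive)
        return -1;        /* use-after-free: BTF released too early */
    map->fields_freed = 1;
    return 0;
}

/* Constructed setup: the map is the only holder of the BTF reference. */
static void setup(struct btf *btf, struct bpf_map *map)
{
    memset(btf, 0, sizeof(*btf));
    memset(map, 0, sizeof(*map));
    btf->refcount = 1;
    btf->alive = 1;
    map->btf = btf;
}

/* Unsafe ordering: the BTF reference is dropped before the map's free
 * routine runs, so map_free() operates on a released BTF. */
int teardown_buggy(void)
{
    struct btf btf;
    struct bpf_map map;

    setup(&btf, &map);
    btf_put(&btf);
    return map_free(&map);
}

/* Safe ordering: free the map while its BTF is still alive, and only
 * then drop the reference. This is the ordering property a fix for the
 * race must guarantee. */
int teardown_fixed(void)
{
    struct btf btf;
    struct bpf_map map;
    int rc;

    setup(&btf, &map);
    rc = map_free(&map);
    btf_put(&btf);
    return rc;
}

int main(void)
{
    printf("drop BTF ref, then map_free(): %s\n",
           teardown_buggy() ? "use-after-free" : "ok");
    printf("map_free(), then drop BTF ref: %s\n",
           teardown_fixed() ? "use-after-free" : "ok");
    return 0;
}
```

The point of the model is the invariant, not the mechanics: any object a teardown callback still needs must outlive that callback, so the reference that keeps it alive is dropped last. In the real kernel the same mistake is much harder to see because the release happens on another CPU or in deferred work, which is why KASAN-instrumented runs of the BPF selftests are what surfaced it.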

Exploit details and potential consequences

Left unaddressed, the vulnerable code path could cause instability or a crash of the Linux kernel or, in more severe cases, be exploited by an attacker to gain unauthorized control of the system. While there are no public exploits currently available targeting this vulnerability, it is crucial to address this issue to ensure the security and stability of affected systems.

Resolution / Patch

The developers of the Linux kernel have already addressed this vulnerability and issued a patch that resolves the race condition issue. Users are encouraged to apply the latest kernel updates to ensure the security of their systems.

Original references

- Linux kernel source code repository, diff for the fix
- Linux kernel mailing list discussion on the issue

Conclusion

CVE-2023-52446 is a vulnerability found in the Linux kernel's bpf component, leading to a race condition between btf_put() and map_free() functions. Although no public exploits are known, this issue represents a potential security risk. Users should apply the latest kernel updates to ensure the security and stability of their systems.

Timeline

Published on: 02/22/2024 17:15:08 UTC
Last modified on: 03/14/2024 19:47:14 UTC