Summary: The Linux kernel had a vulnerability in the bpf (Berkeley Packet Filter) code that affected the hashtab overflow check on 32-bit architectures. This vulnerability could lead to undefined behavior and has been resolved in the latest update.

Original References: Linux Kernel Mailing List

Exploit Details

A vulnerability was discovered in the Linux kernel's bpf subsystem, specifically in the hashtab code. This code relied on roundup_pow_of_two() to compute the number of hash buckets, with an overflow check in place to ensure that the calculated value did not exceed the maximum allowed. On 32-bit architectures, however, the roundup code itself could overflow by performing a 32-bit left-shift of an unsigned long value, which is undefined behavior, so the result handed to the check could not be trusted.

This issue was found by syzbot on the DEVMAP_HASH type, which uses a check similar to the one in the hashtab code. To fix the vulnerability, the overflow check was moved ahead of the roundup_pow_of_two() call.

Code Snippet:

// Old code - vulnerable to overflow
// The roundup runs first, so any overflow has already happened
// by the time the check below is reached.
unsigned long hash_buckets = roundup_pow_of_two(hash_table_size / sizeof(*htab->buckets));

if (!hash_buckets)
    return -EINVAL;

// New code - fixing the overflow vulnerability
// The size is validated before roundup_pow_of_two() is called.
if (hash_table_size >= ULONG_MAX / sizeof(*htab->buckets))
    return -EINVAL;

unsigned long hash_buckets = roundup_pow_of_two(hash_table_size / sizeof(*htab->buckets));

Moving the overflow check ahead of the roundup_pow_of_two() call resolves the potential undefined behavior caused by the overflow on 32-bit architectures. Users running affected Linux kernel versions are strongly advised to update to the latest patched version to avoid the risks associated with this vulnerability.
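The ordering problem described above, as an added example in C (not the kernel's code and not from the original page): it models a 32-bit unsigned long with uint32_t and computes the shift count that a 1UL << fls_long(n - 1) style roundup would use, without ever performing the undefined shift. The names roundup_shift and n_buckets_checked, the 2^31 threshold and the error codes are assumptions of this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Model of a 32-bit unsigned long; uint32_t keeps the width fixed on any host. */
typedef uint32_t ulong32;

/* 1-based position of the highest set bit; 0 when x == 0. */
static unsigned fls32(ulong32 x)
{
    unsigned bits = 0;
    while (x) { bits++; x >>= 1; }
    return bits;
}

/* Shift count a "1 << fls(n - 1)" roundup would use, for n >= 1. */
unsigned roundup_shift(ulong32 n)
{
    return fls32(n - 1);
}

/* Check first, then round up: the shift count is provably below 32. */
int n_buckets_checked(ulong32 max_entries, ulong32 *n_buckets)
{
    if (max_entries == 0)
        return -EINVAL;
    if (max_entries > (ulong32)1 << 31)
        return -E2BIG; /* rounding up would need a shift by 32 */
    *n_buckets = (ulong32)1 << roundup_shift(max_entries);
    return 0;
}

int main(void)
{
    /* Constructed sample sizes around the 2^31 boundary. */
    const ulong32 samples[] = { 1, 1000, 0x80000000u, 0x80000001u, 0xffffffffu };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        ulong32 out = 0;
        int err = n_buckets_checked(samples[i], &out);
        printf("max_entries=%#x shift=%u err=%d n_buckets=%#x\n",
               (unsigned)samples[i], roundup_shift(samples[i]),
               err, (unsigned)out);
    }
    return 0;
}
```

For any request above 2^31 the required shift count is 32, the full width of the type. C leaves the result of that shift undefined, so a zero check placed after the roundup cannot be relied on to catch it.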

As an endnote, it is crucial to stay up-to-date with the latest security patches and updates for the Linux kernel. These updates not only improve the overall performance and stability of the system but also offer essential protection from potential vulnerabilities and attacks. Constant vigilance and swift actions will ensure the security and reliability of your systems.

Timeline

Published on: 04/17/2024 11:15:10 UTC
Last modified on: 06/27/2024 12:15:22 UTC