CVE-2021-47317 powerpc/bpf: Fix detecting BPF atomic instructions

2024-05-2114:35:33

Linux

www.cve.org

linux kernel

vulnerability

bpf atomic

AI Score

6.5

Confidence

Low

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

powerpc/bpf: Fix detecting BPF atomic instructions

Commit 91c960b0056672 (“bpf: Rename BPF_XADD and prepare to encode other
atomics in .imm”) converted BPF_XADD to BPF_ATOMIC and added a way to
distinguish instructions based on the immediate field. Existing JIT
implementations were updated to check for the immediate field and to
reject programs utilizing anything more than BPF_ADD (such as BPF_FETCH)
in the immediate field.

However, the check added to powerpc64 JIT did not look at the correct
BPF instruction. Due to this, such programs would be accepted and
incorrectly JIT’ed resulting in soft lockups, as seen with the atomic
bounds test. Fix this by looking at the correct immediate value.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/powerpc/net/bpf_jit_comp64.c"
    ],
    "versions": [
      {
        "version": "91c960b00566",
        "lessThan": "7284dab07e4d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "91c960b00566",
        "lessThan": "0d435b6d94b0",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "91c960b00566",
        "lessThan": "419ac821766c",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/powerpc/net/bpf_jit_comp64.c"
    ],
    "versions": [
      {
        "version": "5.12",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.12",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.12.19",
        "lessThanOrEqual": "5.12.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.13.4",
        "lessThanOrEqual": "5.13.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.14",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]