Ubuntu: USN-7521-1 (CVE-2024-58060): Linux kernel vulnerabilities
Description
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing There is a UAF report in the bpf_struct_ops when CONFIG_MODULES=n. In particular, the report is on tcp_congestion_ops that has a "struct module *owner" member. For struct_ops that has a "struct module *owner" member, it can be extended either by the regular kernel module or by the bpf_struct_ops. bpf_try_module_get() will be used to do the refcounting and different refcount is done based on the owner pointer. When CONFIG_MODULES=n, the btf_id of the "struct module" is missing: WARN: resolve_btfids: unresolved symbol module Thus, the bpf_try_module_get() cannot do the correct refcounting. Not all subsystem's struct_ops requires the "struct module *owner" member. e.g. the recent sched_ext_ops. This patch is to disable bpf_struct_ops registration if the struct_ops has the "struct module *" member and the "struct module" btf_id is missing. The btf_type_is_fwd() helper is moved to the btf.h header file for this test. This has happened since the beginning of bpf_struct_ops which has gone through many changes. The Fixes tag is set to a recent commit that this patch can apply cleanly. Considering CONFIG_MODULES=n is not common and the age of the issue, targeting for bpf-next also.
Solution(s)
- ubuntu-upgrade-linux-image-6-11-0-1010-realtime
- ubuntu-upgrade-linux-image-6-11-0-1013-raspi
- ubuntu-upgrade-linux-image-6-11-0-1015-azure
- ubuntu-upgrade-linux-image-6-11-0-1015-azure-fde
- ubuntu-upgrade-linux-image-6-11-0-1015-gcp
- ubuntu-upgrade-linux-image-6-11-0-1015-gcp-64k
- ubuntu-upgrade-linux-image-6-11-0-1022-oem
- ubuntu-upgrade-linux-image-6-11-0-26-generic
- ubuntu-upgrade-linux-image-6-11-0-26-generic-64k
- ubuntu-upgrade-linux-image-azure
- ubuntu-upgrade-linux-image-azure-fde
- ubuntu-upgrade-linux-image-gcp
- ubuntu-upgrade-linux-image-gcp-64k
- ubuntu-upgrade-linux-image-generic
- ubuntu-upgrade-linux-image-generic-64k
- ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
- ubuntu-upgrade-linux-image-generic-hwe-24-04
- ubuntu-upgrade-linux-image-oem-24-04b
- ubuntu-upgrade-linux-image-raspi
- ubuntu-upgrade-linux-image-realtime
- ubuntu-upgrade-linux-image-virtual
- ubuntu-upgrade-linux-image-virtual-hwe-24-04
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center