In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers These three bpf_map_{lookup,update,delete}_elem() helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program, otherwise the following warning will be reported when a sleepable bpf program manipulates bpf map under interpreter mode (aka bpf_jit_enable=0): WARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 ...... CPU: 3 PID: 4985 Comm: test_progs Not tainted 6.6.0+ #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ...... RIP: 0010:bpf_map_lookup_elem+0x54/0x60 ...... Call Trace: <TASK> ? __warn+0xa5/0x240 ? bpf_map_lookup_elem+0x54/0x60 ? report_bug+0x1ba/0x1f0 ? handle_bug+0x40/0x80 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1b/0x20 ? __pfx_bpf_map_lookup_elem+0x10/0x10 ? rcu_lockdep_current_cpu_online+0x65/0xb0 ? rcu_is_watching+0x23/0x50 ? bpf_map_lookup_elem+0x54/0x60 ? __pfx_bpf_map_lookup_elem+0x10/0x10 ___bpf_prog_run+0x513/0x3b70 __bpf_prog_run32+0x9d/0xd0 ? __bpf_prog_enter_sleepable_recur+0xad/0x120 ? __bpf_prog_enter_sleepable_recur+0x3e/0x120 bpf_trampoline_6442580665+0x4d/0x1000 __x64_sys_getpgid+0x5/0x30 ? do_syscall_64+0x36/0xb0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 </TASK>

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:9315 2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5 cpe:/o:redhat:enterprise_linux:9 RHSA-2024:9315 2024-11-12T00:00:00Z
References
Link Providers
https://git.kernel.org/stable/c/169410eba271afc9f0fb476d996795aa26770c6d cve-icon cve-icon
https://git.kernel.org/stable/c/483cb92334cd7f1d5387dccc0ab5d595d27a669d cve-icon cve-icon
https://git.kernel.org/stable/c/c7f1b6146f4a46d727c0d046284c28b6882c6304 cve-icon cve-icon
https://git.kernel.org/stable/c/d6d6fe4bb105595118f12abeed4a7bdd450853f3 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/20240326171931.1354035-4-lee@kernel.org/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-52621 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-52621 cve-icon
History

Mon, 17 Mar 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses CWE-617
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Wed, 13 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Wed, 11 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2024-12-19T08:22:46.890Z

Reserved: 2024-03-06T09:52:12.090Z

Link: CVE-2023-52621

cve-icon Vulnrichment

Updated: 2024-08-02T23:03:21.365Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-26T18:15:08.817

Modified: 2025-03-17T15:20:01.240

Link: CVE-2023-52621

cve-icon Redhat

Severity : Low

Publid Date: 2024-03-26T00:00:00Z

Links: CVE-2023-52621 - Bugzilla