Updated:
Description:
In the Linux kernel, the following vulnerability has been resolved: bpf: Sync pending IRQ work before freeing ring buffer Fix a race where irq_work can be queued in bpf_ringbuf_commit() but the ring buffer is freed before the work executes. In the syzbot reproducer, a BPF program attached to sched_switch triggers bpf_ringbuf_commit(), queuing an irq_work. If the ring buffer is freed before this work executes, the irq_work thread may accesses freed memory. Calling `irq_work_sync(&rb->work)` ensures that all pending irq_work complete before freeing the buffer.
CVSS3: 5.5
| OS | Vendor version | Errata |
|---|---|---|
| Debian 11 | 5.10.247-1 | DLA-4404-1 |
| Debian 11 cloud | 5.10.247-1 | DLA-4404-1 |
| Amazon Linux 2023 | 6.1.159-181.297.amzn2023 | ALAS2023-2025-1350 |
| OS | Original kernel version | State |
|---|---|---|
| Debian 11 | |
Planned |
| Debian 11 cloud | |
Planned |
| Debian 12 | |
Planned |
| Amazon Linux 2023 | |
Planned |