Fixed
Created: May 21, 2024
Updated: Sep 15, 2024
Resolved Date: Sep 2, 2024
Found In Version: 10.21.20.1
Fix Version: 10.21.20.24
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself
sock_map proto callbacks should never call themselves by design. Protect
against bugs like 1] and break out of the recursive loop to avoid a stack
overflow in favor of a resource leak.
[1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/
CREATE(Triage):(User=admin) [CVE-2023-52735 (https://nvd.nist.gov/vuln/detail/CVE-2023-52735)
