Acknowledged
Created: Nov 21, 2024
Updated: Jan 26, 2026
Resolved Date: Jan 26, 2026
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rxAs the introduction of the support for vsock and unix sockets in sockmap,tls_sw_has_ctx_tx/rx cannot presume the socket passed in must be IS_ICSK.vsock and af_unix sockets have vsock_sock and unix_sock instead ofinet_connection_sock. For these sockets, tls_get_ctx may return an invalidpointer and cause page fault in function tls_sw_ctx_rx.BUG: unable to handle page fault for address: 0000000000040030Workqueue: vsock-loopback vsock_loopback_workRIP: 0010:sk_psock_strp_data_ready+0x23/0x60Call Trace: ? __die+0x81/0xc3 ? no_context+0x194/0x350 ? do_page_fault+0x30/0x110 ? async_page_fault+0x3e/0x50 ? sk_psock_strp_data_ready+0x23/0x60 virtio_transport_recv_pkt+0x750/0x800 ? update_load_avg+0x7e/0x620 vsock_loopback_work+0xd0/0x100 process_one_work+0x1a7/0x360 worker_thread+0x30/0x390 ? create_worker+0x1a0/0x1a0 kthread+0x112/0x130 ? __kthread_cancel_work+0x40/0x40 ret_from_fork+0x1f/0x40v2: - Add IS_ICSK checkv3: - Update the commits in Fixes
========Wind River Notice========
Customers can use kernel.unprivileged_bpf_disabled sysctl to prevent unprivileged users from being able to use eBPF. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.
Inspect kernel.unprivileged_bpf_disabled sysctl with the command:
cat /proc/sys/kernel/unprivileged_bpf_disabled
The setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.
echo 1 > /proc/sys/kernel/unprivileged_bpf_disabled
For more details, please refer to Linux kernel official document:
[https://docs.kernel.org/admin-guide/sysctl/kernel.html#unprivileged-bpf-disabled]
