Linux Kernel Soft Lockup Vulnerability in BPF Sockmap Handling

Vulnerability

A vulnerability in the Linux kernel's BPF sockmap implementation can lead to a soft lockup condition. This issue occurs in versions of the kernel through 6.2.0, when the recvmsg system call is invoked with a buffer length of zero. The tcp_bpf_recvmsg_parser function enters an infinite loop, repeatedly waiting for data that never arrives, effectively stalling the CPU. This behavior triggers a watchdog error, indicating that the processor has been unresponsive for an extended period.

Impact

Exploitation of this vulnerability causes a soft lockup, where a CPU becomes unresponsive for a significant duration, disrupting normal system operations.
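To tell whether a soft lockup reported by the watchdog was in this code path, the kernel log can be searched for lockup reports whose trace names tcp_bpf_recvmsg_parser. The script below is an added example, not code from the kernel or from this advisory. The log lines are constructed for illustration, and the watchdog header format shown is an assumption about how the kernel prints these reports.

```python
import re

# Constructed sample kernel log (illustrative, not captured from a real system).
SAMPLE_LOG = """\
[ 1021.400001] watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [demo_app:4242]
[ 1021.400010] Modules linked in:
[ 1021.400020] CPU: 3 PID: 4242 Comm: demo_app Not tainted 6.2.0 #1
[ 1021.400030] RIP: 0010:tcp_bpf_recvmsg_parser+0x1a2/0x3f0
[ 1021.400040] Call Trace:
[ 1021.400050]  <TASK>
[ 1021.400060]  inet_recvmsg+0x5c/0x140
[ 1021.400070]  sock_recvmsg+0x6e/0x80
[ 1021.400080]  </TASK>
[ 2300.000001] watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [kworker/1:2:77]
[ 2300.000010] RIP: 0010:some_other_function+0x10/0x40
"""

# Assumed header format: "... soft lockup - CPU#<n> stuck for <s>s! [<comm>:<pid>]"
LOCKUP_RE = re.compile(
    r"watchdog: BUG: soft lockup - CPU#(\d+) stuck for (\d+)s! \[(.+):(\d+)\]")
SYMBOL = "tcp_bpf_recvmsg_parser"

def find_sockmap_lockups(log_text, symbol=SYMBOL):
    """Return soft lockup reports whose following trace lines name `symbol`."""
    reports, current = [], None
    for line in log_text.splitlines():
        m = LOCKUP_RE.search(line)
        if m:  # a new report starts; later lines belong to it until the next header
            current = {"cpu": int(m.group(1)), "seconds": int(m.group(2)),
                       "comm": m.group(3), "pid": int(m.group(4)), "hit": False}
            reports.append(current)
        elif current is not None and re.search(rf"\b{re.escape(symbol)}\+0x", line):
            current["hit"] = True  # symbol appears in RIP or call trace
    return [r for r in reports if r["hit"]]

if __name__ == "__main__":
    for r in find_sockmap_lockups(SAMPLE_LOG):
        print(f"CPU {r['cpu']} stuck {r['seconds']}s in {SYMBOL} "
              f"(process {r['comm']}, pid {r['pid']})")
```

On a live system the same function can be given the output of the kernel log in place of SAMPLE_LOG; a match identifies the process that issued the call.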

Reproduction

The vulnerability can be reproduced by calling recvmsg with a buffer length of zero on a socket that has BPF sockmap enabled. The tcp_bpf_recvmsg_parser function then enters an infinite loop, waiting for data that will not be received, which causes a soft lockup on the CPU.

Remediation

Users can upgrade to a patched version of the Linux kernel that addresses this vulnerability. Instructions for updating the kernel can be found in the distribution's documentation.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.