Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) implementation can cause an infinite loop when tail calls are combined with the 'freplace' feature. An 'freplace' program can reset the tail call count, so the tail call mechanism can loop indefinitely between certain entry points. The infinite loop can eventually result in a kernel panic.
Exploitation of this vulnerability can cause an infinite loop in the BPF tail call mechanism, leading to a kernel panic and system crash.
The vulnerability has been addressed by preventing a program that is extended by an 'freplace' program from being added to a 'prog_array' map, and, conversely, by preventing a program that is already in a 'prog_array' map from being extended by an 'freplace' program. Additionally, 'freplace' extension programs can no longer be tail-called. Users should ensure their BPF programs comply with these new restrictions.