libbpf
cpe:2.3:a:libbpf_project:libbpf:*:*:*:*:*:*:*
- 1.5.0
A heap buffer overflow vulnerability has been identified in libbpf version 1.5.0. This vulnerability allows local attackers to execute arbitrary code by exploiting the bpf_object__init_prog function. The issue arises from inadequate boundary checks when copying BPF program instructions from a malformed ELF file, leading to memory corruption during memcpy operations.
Exploitation of this vulnerability causes a heap buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.
The vulnerability can be reproduced by using a generated malformed BPF file named 'crash' and loading it with the vulnerable libbpf library. This can be done by compiling a C program that uses the libbpf API to open and load the malicious BPF object. The program should be compiled with AddressSanitizer enabled, which will report the heap buffer overflow error when the vulnerable code is executed.
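The kind of boundary check the description says is missing, as an added C example (not libbpf's code and not its fix): an untrusted program offset and size are validated against the section length before the memcpy. The struct, the function names and the choice of the copy's source range as the unchecked quantity are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define INSN_SZ 8u /* bytes per eBPF instruction */

/* Hypothetical stand-in for one program's range in an ELF section (not libbpf's type). */
struct prog_range {
    size_t sec_off; /* byte offset within the section (untrusted) */
    size_t size;    /* byte length claimed by the ELF symbol (untrusted) */
};

/* 0 if [sec_off, sec_off+size) is inside sec_size bytes and instruction-aligned, else -1. */
int prog_range_ok(const struct prog_range *r, size_t sec_size)
{
    if (r->size == 0 || r->size % INSN_SZ || r->sec_off % INSN_SZ)
        return -1;
    if (r->sec_off > sec_size)
        return -1;
    /* Subtract instead of adding: sec_off + size can wrap around. */
    if (r->size > sec_size - r->sec_off)
        return -1;
    return 0;
}

/* Copy instructions to a new heap buffer only after validation; NULL on rejection. */
uint8_t *copy_prog_insns(const uint8_t *sec_data, size_t sec_size,
                         const struct prog_range *r)
{
    uint8_t *insns;

    if (!sec_data || !r || prog_range_ok(r, sec_size) != 0)
        return NULL;
    insns = malloc(r->size);
    if (insns)
        memcpy(insns, sec_data + r->sec_off, r->size);
    return insns;
}

int main(void)
{
    uint8_t sec[32] = {0};             /* constructed section: 4 instructions */
    struct prog_range bad = { 8, 32 }; /* constructed: claims 32 bytes at offset 8 */
    uint8_t *p = copy_prog_insns(sec, sizeof sec, &bad);
    int rejected = (p == NULL);
    free(p);
    return rejected ? 0 : 1;
}
```

Building a loader with AddressSanitizer, as the reproduction above does, catches the out-of-bounds copy at run time; a check of this shape rejects the malformed range before any copy happens.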