Linux Kernel Stack Depth Mismanagement Vulnerability in BPF Verifier

Vulnerability

A vulnerability exists in the Linux kernel's handling of stack depth within the BPF verifier, specifically in the 'widen_imprecise_scalars' function. This issue can lead to out-of-bounds access to the stack frame of the BPF verifier state. The vulnerability arises because the function does not account for differences in allocated stack depth between the current and previous verifier states: when the current state's frame has a smaller allocated stack than the previous one, which can happen in an iterator-based loop, the function accesses the current frame's stack out of bounds.

Impact

Exploitation of this vulnerability can cause a stack overflow by pushing too much data onto the stack, potentially leading to arbitrary code execution.

Reproduction

The vulnerability can be reproduced with a BPF program that, inside an iterator-based loop, calls the same function with varying parameters. The second call has a smaller allocated stack depth than the first, so 'widen_imprecise_scalars', when it compares the two states, accesses the stack out of bounds.
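
The following is an added example, not code from the kernel or from this advisory: a simplified model of the stack walk that contrasts a loop bound taken from the previous frame's allocation alone with a bound limited to the smaller of the two frames' allocations. The frame layout, the field names and the 64-byte/16-byte scenario are assumptions made for the model.

```c
#include <stdbool.h>
#include <stddef.h>

#define BPF_REG_SIZE 8
#define MODEL_MAX_SLOTS 16   /* constructed backing-store bound for the model */

/* Simplified model of one verifier call frame (an assumption, not the kernel
 * struct). In the verifier the slot array is sized from allocated_stack, so
 * a slot index >= allocated_stack / BPF_REG_SIZE has no backing storage. */
struct frame_model {
    size_t allocated_stack;          /* bytes of stack tracked for the frame */
    bool spilled[MODEL_MAX_SLOTS];   /* slot holds a spilled register */
    bool precise[MODEL_MAX_SLOTS];   /* spilled scalar already marked precise */
};

/* Walk the spilled slots of the previous (old) and current (cur) frames and
 * count the imprecise scalars that would be widened in cur. Returns -1 when
 * the walk reaches a slot cur does not have: the advisory's out-of-bounds
 * access, which the real code performs silently. bound_by_min selects the
 * hardened bound (min of both allocations) over old's allocation alone. */
static int widen_stack_model(const struct frame_model *old,
                             const struct frame_model *cur, bool bound_by_min)
{
    size_t n_old = old->allocated_stack / BPF_REG_SIZE;
    size_t n_cur = cur->allocated_stack / BPF_REG_SIZE;
    size_t n = bound_by_min ? (n_old < n_cur ? n_old : n_cur) : n_old;
    int widened = 0;
    for (size_t i = 0; i < n; i++) {
        if (i >= n_cur)
            return -1;               /* would read past cur's slot array */
        if (!old->spilled[i] || !cur->spilled[i])
            continue;
        if (!cur->precise[i])
            widened++;               /* verifier would reset it to unknown */
    }
    return widened;
}

/* Reproduction scenario, values constructed: the first call's frame tracks
 * 64 bytes of stack, the second call's frame (fewer parameters) only 16. */
static int scenario(bool bound_by_min)
{
    struct frame_model old = { .allocated_stack = 64 };
    struct frame_model cur = { .allocated_stack = 16 };
    for (size_t i = 0; i < 8; i++)
        old.spilled[i] = true;
    cur.spilled[0] = cur.spilled[1] = true;
    return widen_stack_model(&old, &cur, bound_by_min);   /* -1 vs 2 */
}
```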

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Dec 16, 2025, 4:30 PM
Updated: Dec 16, 2025, 4:30 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.