Linux Kernel BPF Invalid Memory Access Vulnerability in Program Statistics Handling

Vulnerability

A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) implementation has been identified, which leads to invalid memory access. The issue arises when the 'update_effective_progs' function fails (for example, because a fault was injected into it). The problem is triggered during the execution of a softirq (software interrupt), where the BPF program's statistics are accessed. If the statistics pointer is null, the access is to invalid memory, potentially causing a crash or other unintended behavior.

Impact

Exploitation of this vulnerability can lead to invalid memory access, causing potential crashes or other erratic behavior in the system.

Reproduction

The vulnerability can be reproduced with the syzkaller fuzzer, which injects faults into the 'update_effective_progs' function. The injected failure causes the BPF program to be replaced with a dummy program whose statistics pointer is null. When a softirq is processed, the BPF runtime attempts to access the statistics of the dummy program, leading to an invalid memory access.
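The failure mode above, as a simplified model added here (not kernel code): a fallback program that carries no statistics block, a rebuild step whose failure installs that fallback, and the hot path that accounts statistics. The struct and function names are assumptions chosen for illustration; the guarded variant shows the class of check that prevents the null access.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified model of the failure mode (not kernel code): a BPF program object
 * whose statistics block may be absent, and a hot path that accounts stats. */
struct prog_stats { uint64_t cnt; };
struct bpf_prog_model {
    const char *name;
    struct prog_stats *stats;          /* NULL for the dummy fallback program */
};

/* Fallback program installed when rebuilding the effective program set fails.
 * Like the dummy program described above, it carries no statistics block. */
struct bpf_prog_model dummy_prog = { "dummy", NULL };

/* Rebuild the effective program set; 'inject_fault' models fault injection
 * into the failing step. On failure the slot falls back to dummy_prog. */
struct bpf_prog_model *update_effective(struct bpf_prog_model *real,
                                        bool inject_fault)
{
    if (inject_fault)
        return &dummy_prog;
    return real;
}

/* Vulnerable hot path (what the softirq would run): assumes stats always exist. */
int run_unguarded(struct bpf_prog_model *p)
{
    p->stats->cnt++;                   /* NULL dereference when p is dummy_prog */
    return 0;
}

/* Hardened hot path: account statistics only when the block is present.
 * Returns 1 if stats were counted, 0 if the program has none. */
int run_guarded(struct bpf_prog_model *p)
{
    if (!p->stats)
        return 0;
    p->stats->cnt++;
    return 1;
}

/* Drive one rebuild and one guarded run; returns the number of stats updates. */
int simulate(bool inject_fault)
{
    static struct prog_stats real_stats;
    struct bpf_prog_model real = { "real", &real_stats };
    struct bpf_prog_model *eff = update_effective(&real, inject_fault);
    return run_guarded(eff);
}
```

With fault injection on, the effective slot holds the dummy program and only the guarded path survives the run.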

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: Dec 24, 2025, 1:48 PM
Updated: Dec 24, 2025, 1:48 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.