Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) subsystem related to cryptographic context management has been addressed. This issue arose from a type mismatch in destructor function calls, which was identified during BPF self-tests. With CONFIG_CFI enabled, the kernel requires that indirect function calls use matching function pointer types. The mismatch led to a CFI (Control Flow Integrity) failure, causing an internal error. To resolve this, a stub function with the correct type was added and registered as the destructor kfunc, ensuring compatibility with BPF program requirements.
The vulnerability could cause a Control Flow Integrity failure, leading to a kernel internal error.
The vulnerability can be reproduced by running BPF self-tests with CONFIG_CFI enabled. This will trigger a type mismatch error related to the bpf_crypto_ctx_release function, as the destructor kfunc was not properly registered with the correct function pointer type.
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.
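The type mismatch and the stub fix described above, reduced to a user-space C example (added here, not the kernel's code; `struct crypto_ctx`, `dtor_fn`, `DTOR_TYPE_OK` and the function names other than the reference to `bpf_crypto_ctx_release` are constructed for illustration). It also shows a compile-time check that flags the typed release function as unsuitable for direct registration while the stub passes.

```c
#include <stdlib.h>

/* Constructed stand-in for a refcounted object (not the kernel's struct). */
struct crypto_ctx { int refcount; int *released; /* set when last ref drops */ };

/* Typed release function, in the role of bpf_crypto_ctx_release(). */
void crypto_ctx_release(struct crypto_ctx *ctx)
{
    if (--ctx->refcount == 0) {
        *ctx->released = 1;
        free(ctx);
    }
}

/* Generic destructor type used for the indirect call. */
typedef void (*dtor_fn)(void *obj);

/* Stub with exactly the dtor_fn type; forwards to the typed function. */
void crypto_ctx_release_dtor(void *obj) { crypto_ctx_release(obj); }

/* 1 if fn already has the destructor type, 0 if it would need a cast. */
#define DTOR_TYPE_OK(fn) _Generic((fn), dtor_fn: 1, default: 0)

/* Registering (dtor_fn)crypto_ctx_release would compile, but the indirect call
 * would use a mismatched pointer type, which a type-checking CFI scheme traps. */
_Static_assert(DTOR_TYPE_OK(crypto_ctx_release_dtor), "dtor type mismatch");
static const dtor_fn registered_dtor = crypto_ctx_release_dtor;

int typed_release_matches(void) { return DTOR_TYPE_OK(crypto_ctx_release); }
int stub_matches(void) { return DTOR_TYPE_OK(crypto_ctx_release_dtor); }

/* Drop one of `refs` references via the registered destructor: 1 = released. */
int destroy_one_ref(int refs)
{
    int released = 0;
    struct crypto_ctx *ctx = malloc(sizeof(*ctx));
    if (!ctx)
        return -1;
    ctx->refcount = refs;
    ctx->released = &released;
    registered_dtor(ctx);   /* indirect call through a matching type */
    if (!released)
        free(ctx);          /* demo cleanup of the still-referenced object */
    return released;
}

int main(void)
{
    return (stub_matches() && !typed_release_matches() && destroy_one_ref(1) == 1) ? 0 : 1;
}
```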