Vulnerability CVE-2023-52793
Published: 2024-05-21

Description:
In the Linux kernel, the following vulnerability has been resolved:

samples/bpf: syscall_tp_user: Fix array out-of-bound access

Commit 06744f24696e ("samples/bpf: Add openat2() enter/exit tracepoint
to syscall_tp sample") added two more eBPF programs to support the
openat2() syscall. However, it did not increase the size of the array
that holds the corresponding bpf_links. This leads to an out-of-bound
access on that array in the bpf_object__for_each_program loop and could
corrupt other variables on the stack. On our testing QEMU, it corrupts
the map1_fds array and causes the sample to fail:

# ./syscall_tp
prog #0: map ids 4 5
verify map:4 val: 5
map_lookup failed: Bad file descriptor

Dynamically allocate the array based on the number of programs reported
by libbpf to prevent similar inconsistencies in the future

 References:
https://git.kernel.org/stable/c/61576b7a0f28f924da06bead92a39a6d9aa2404a
https://git.kernel.org/stable/c/de4825a444560f8cb78b03dda3ba873fab88bc4f
https://git.kernel.org/stable/c/9220c3ef6fefbf18f24aeedb1142a642b3de0596
Copyright 2026, cxsecurity.com

 

Back to Top