CVE-2024-56610 Affecting bpftool package, versions <0:5.15.0-305.176.4.el8uek
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-ORACLE8-BPFTOOL-8714814
- published12 Feb 2025
- disclosed27 Dec 2024
Introduced: 27 Dec 2024
CVE-2024-56610 (opens in a new tab)How to fix?
Upgrade Oracle:8 bpftool to version 0:5.15.0-305.176.4.el8uek or higher.
This issue was patched in ELSA-2025-20095.
NVD Description
Note: Versions mentioned in the description apply only to the upstream bpftool package and not the bpftool package as distributed by Oracle.
See How to fix? for Oracle:8 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
kcsan: Turn report_filterlist_lock into a raw_spinlock
Ran Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see splats like:
| BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 | preempt_count: 10002, expected: 0 | RCU nest depth: 0, expected: 0 | no locks held by swapper/1/0. | irq event stamp: 156674 | hardirqs last enabled at (156673): [<ffffffff81130bd9>] do_idle+0x1f9/0x240 | hardirqs last disabled at (156674): [<ffffffff82254f84>] sysvec_apic_timer_interrupt+0x14/0xc0 | softirqs last enabled at (0): [<ffffffff81099f47>] copy_process+0xfc7/0x4b60 | softirqs last disabled at (0): [<0000000000000000>] 0x0 | Preemption disabled at: | [<ffffffff814a3e2a>] paint_ptr+0x2a/0x90 | CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.11.0+ #3 | Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014 | Call Trace: | <IRQ> | dump_stack_lvl+0x7e/0xc0 | dump_stack+0x1d/0x30 | __might_resched+0x1a2/0x270 | rt_spin_lock+0x68/0x170 | kcsan_skip_report_debugfs+0x43/0xe0 | print_report+0xb5/0x590 | kcsan_report_known_origin+0x1b1/0x1d0 | kcsan_setup_watchpoint+0x348/0x650 | __tsan_unaligned_write1+0x16d/0x1d0 | hrtimer_interrupt+0x3d6/0x430 | __sysvec_apic_timer_interrupt+0xe8/0x3a0 | sysvec_apic_timer_interrupt+0x97/0xc0 | </IRQ>
On a detected data race, KCSAN's reporting logic checks if it should filter the report. That list is protected by the report_filterlist_lock non-raw spinlock which may sleep on RT kernels.
Since KCSAN may report data races in any context, convert it to a raw_spinlock.
This requires being careful about when to allocate memory for the filter list itself which can be done via KCSAN's debugfs interface. Concurrent modification of the filter list via debugfs should be rare: the chosen strategy is to optimistically pre-allocate memory before the critical section and discard if unused.
References
- https://linux.oracle.com/cve/CVE-2024-56610.html
- https://linux.oracle.com/errata/ELSA-2025-20095.html
- https://git.kernel.org/stable/c/0ab4951c1473c7d1ceaf1232eb927109cd1c4859
- https://git.kernel.org/stable/c/59458fa4ddb47e7891c61b4a928d13d5f5b00aa0
- https://git.kernel.org/stable/c/889a0d3a35fdedba1c5dcb6410c95c32421680ec
- https://git.kernel.org/stable/c/dca4e74a918586913d251c0b359e8cc96a3883ea
- https://git.kernel.org/stable/c/ea6588abcc15d68fdeae777ffe3dd74c02eab407
- https://git.kernel.org/stable/c/f4f2ef66d288ea796ddb8ecbdc2df074ab2d5f4d