Recently, a critical vulnerability was discovered in the Linux kernel that affected the bpf_get_smp_processor_id() function in configurations without SMP (Symmetric Multi-Processing) enabled. The issue has since been resolved, making the kernel safer to run in that configuration. This post provides details about the exploit, the original references, the code snippet, and the fix.
Problem
A kernel bug was triggered when calling bpf_get_smp_processor_id() on x86-64 systems with CONFIG_SMP disabled. In such cases, the pcpu_hot variable was not available, and the system crashed with the following error:
[ 8.471774] BUG: unable to handle page fault for address: 00000000936a290c
[ 8.471849] #PF: supervisor read access in kernel mode
[ 8.471849] #PF: error_code(0x0000) - not-present page
Exploit Details
The exploit is tied to pcpu_hot being unavailable when CONFIG_SMP is disabled. As a result, the kernel could not handle the page fault for the given address, causing a potential security breach. The vulnerability was assigned CVE-2024-56768 and has been fixed.
Original References
- Linux Kernel Git Commit
- Linux Kernel Bug Tracker
Fix
To resolve the issue, the patch simply inlines a return in the !CONFIG_SMP case. The code snippet after the fix is as follows:
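#ifdef CONFIG_SMP
static inline u32 bpf_get_smp_processor_id(void)
{
	/* SMP build: read the CPU number from the per-CPU pcpu_hot data */
	return this_cpu_read(pcpu_hot.cpu_number);
}
#else
static inline u32 bpf_get_smp_processor_id(void)
{
	/* !CONFIG_SMP: pcpu_hot is unavailable and there is only one CPU */
	return 0;
}
#endif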
This fix ensures that when CONFIG_SMP is not enabled, the bpf_get_smp_processor_id() function will safely return a value, preventing the kernel from crashing due to an unhandled page fault.
Conclusion
The Linux kernel developers have successfully patched the CVE-2024-56768 security vulnerability, which affected the bpf_get_smp_processor_id() function in non-SMP configurations. With the applied patch, the kernel can now safely handle the situation when CONFIG_SMP is disabled and prevent potential security breaches.
We strongly recommend that all Linux kernel users update their systems to the latest version to avoid any possible exploitation of this vulnerability. Additionally, keep monitoring the official Linux kernel mailing list and security advisories for new updates and patches.
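To decide which hosts to prioritise for the update, the following added example (not part of the original post or the kernel tree) classifies a kernel config against the conditions described above: x86-64 with CONFIG_SMP disabled. The function names and verdict strings are this example's own, and the CONFIG_BPF_SYSCALL check is an added assumption that a kernel without the bpf() syscall cannot load BPF programs at all.

```shell
#!/bin/sh
# Added example: classify a kernel .config read from stdin.
# Verdict strings are this example's own convention.
classify_config() {
    awk '
        /^CONFIG_X86_64=y$/      { x86 = 1 }
        /^CONFIG_SMP=y$/         { smp = 1 }
        /^CONFIG_BPF_SYSCALL=y$/ { bpf = 1 }
        END {
            if (NR == 0)   print "no-config"       # nothing to inspect
            else if (!x86) print "not-x86-64"      # page describes x86-64 only
            else if (smp)  print "smp-enabled"     # pcpu_hot is available
            else if (!bpf) print "no-bpf-syscall"  # BPF programs cannot be loaded
            else           print "matches"         # x86-64, !CONFIG_SMP, BPF on
        }'
}

# Locate the running kernel's config: /proc/config.gz exists only when the
# kernel was built with CONFIG_IKCONFIG_PROC; most distros also ship a copy
# under /boot.
running_kernel_verdict() {
    if [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz | classify_config
    elif [ -r "/boot/config-$(uname -r)" ]; then
        classify_config < "/boot/config-$(uname -r)"
    else
        echo "no-config"
    fi
}

# Constructed sample: the configuration described on this page.
sample='CONFIG_X86_64=y
# CONFIG_SMP is not set
CONFIG_BPF_SYSCALL=y'

echo "sample config:  $(printf '%s\n' "$sample" | classify_config)"
echo "running kernel: $(running_kernel_verdict)"
```

A "matches" verdict only means the build has the configuration the bug needs; whether the fix is present still has to be confirmed against the vendor's advisory for that kernel package.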
Timeline
Published on: 01/06/2025 17:15:43 UTC
Last modified on: 01/07/2025 22:50:43 UTC