Linux · Linux Kernel · CVE-2024-58088
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
A deadlock issue has been resolved in the Linux kernel's bpf (Berkeley Packet Filter) subsystem, specifically in the path that frees cgroup storage. The issue was introduced by a commit intended to prevent deadlocks for fentry/fexit programs attaching to the bpf task storage helpers, but that change inadvertently opened a deadlock window when bpf cgrp storage is used. The problem arises because NULL is passed to bpf_local_storage_map_free(), which can lead to a deadlock. Two example programs (A and B) are provided to demonstrate how the issue can be triggered; they involve the bpf_cgrp_storage_get() helper and the bpf_local_storage_map_free() function.
Recommendations:
To resolve this issue, pass the busy counter to the free procedure so that it can be properly incremented before the storage/smap locks are taken.
As a temporary workaround, consider disabling the `bpf_cgrp_storage_get()` helper until a patch is available.
Restrict access to the `bpf_local_storage_map_free()` function to minimize the risk of exploitation.
Avoid using the `cgrpa` and `cgrpb` maps in the affected API endpoints until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.