Linux · Linux Kernel · CVE-2024-49850
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A null pointer dereference issue has been identified in the Linux kernel, specifically in the handling of malformed `BPF_CORE_TYPE_ID_LOCAL` relocation records. It occurs when a relocation record references a nonexistent BTF type, causing the `bpf_core_calc_relo_insn` function to dereference a null pointer. The issue can be triggered by passing malformed relocation records from user space. A simple reproducer program has been created to demonstrate this issue; it contains a single relocation record with a nonexistent `type_id`.
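A simplified model of the defect and its fix, added here as an illustration and not taken from the kernel source: the lookup returns NULL for a type id the BTF blob does not contain, the unchecked variant dereferences that pointer, and the checked variant rejects the record instead. Every name in it (`toy_btf`, `toy_type_by_id`, `calc_relo_unchecked`, `calc_relo_checked`, the sample blob) is invented for this example.

```c
/* Added illustration, not kernel code: every name here (toy_btf, toy_type_by_id,
 * calc_relo_unchecked, calc_relo_checked) is invented to model the bug's shape. */

#include <stddef.h>
#include <stdint.h>
#include <errno.h>

/* A BTF type as this model sees it: a name and a size. */
struct toy_btf_type { const char *name; uint32_t size; };
/* A BTF blob: types are addressed by 1-based id; id 0 stands for void. */
struct toy_btf { const struct toy_btf_type *types; uint32_t nr_types; };
/* A relocation record as supplied from user space; only the id matters here. */
struct toy_core_relo { uint32_t type_id; };   /* user-controlled in the real bug */

/* Returns NULL for an id the blob does not contain, like a by-id type lookup. */
static const struct toy_btf_type *toy_type_by_id(const struct toy_btf *btf, uint32_t id)
{
    if (id == 0 || id > btf->nr_types)
        return NULL;
    return &btf->types[id - 1];
}

/* Vulnerable shape: the NULL return is used without being tested. */
int calc_relo_unchecked(const struct toy_btf *btf, const struct toy_core_relo *relo,
                        uint32_t *out_size)
{
    const struct toy_btf_type *t = toy_type_by_id(btf, relo->type_id);
    *out_size = t->size;   /* NULL pointer dereference for a bad type_id */
    return 0;
}

/* Hardened shape: a missing type makes the record invalid; reject it with -EINVAL. */
int calc_relo_checked(const struct toy_btf *btf, const struct toy_core_relo *relo,
                      uint32_t *out_size)
{
    const struct toy_btf_type *t = toy_type_by_id(btf, relo->type_id);
    if (!t)
        return -EINVAL;
    *out_size = t->size;
    return 0;
}

/* Constructed sample BTF blob with two types, for exercising the functions. */
static const struct toy_btf_type sample_types[] = { { "int", 4 }, { "long", 8 } };
const struct toy_btf sample_btf = { sample_types, 2 };
```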
Recommendations:
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting the code paths that reach `bpf_core_calc_relo_insn` until a patch can be applied. Additionally, avoid passing malformed relocation records from user space to minimize the risk of exploitation.