PT-2023-8769 · Linux · Linux Kernel
Hou Tao
Published 2023-12-04 · Updated 2025-10-17
CVE-2023-52447
CVSS v3.1: 7.8 High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions from v5.8 to v6.6
Description
The issue is a use-after-free in the Linux kernel's bpf (Berkeley Packet Filter) subsystem. When an inner map is updated or deleted in a map array or map hash table (htab), the inner map may still be accessed by non-sleepable or sleepable BPF programs. The bpf_map_fd_put_ptr() function decreases the reference counter of the inner map directly through bpf_map_put(); if that reference was the last one, the inner map is freed by ops->map_free() in a kworker. However, most .map_free() callbacks do not use synchronize_rcu() or its variants to wait for an RCU (Read-Copy-Update) grace period to elapse, so a program that is still accessing the inner map after ops->map_free() completes can trigger a use-after-free. The estimated number of potentially affected devices worldwide is not specified. There are reports of proof-of-concept (PoC) exploits being released, demonstrating the vulnerability's potential for container escape.
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the vulnerability. Specifically, versions prior to v5.8 and after v6.6 are not affected. For versions between v5.8 and v6.6, apply the patch that fixes the use-after-free problem in the bpf subsystem. As a temporary workaround, consider disabling the bpf_map_put() function or restricting access to the vulnerable bpf subsystem until a patch is available.
Exploit
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu