CVE-2021-47300

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.13.0-53301-ge6c08cb33a30-dirty #87

Description A bug in the Linux kernel's BPF (Berkeley Packet Filter) subsystem has been identified. The issue arises when the jit subprogs() function fails and attempts to clean up the program to be run under the interpreter, resulting in a freeze. This occurs because the env->prog->aux->tail call reachable condition is never true, causing the program rejection to fail. The bug was introduced by a commit that added a tracker to the check max stack depth() function, which propagates the tail call reachable condition throughout the subprograms.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the bpf: Fix tail call reachable rejection for interpreter when jit failed vulnerability. As a temporary workaround, consider disabling the BPF JIT (Just-In-Time) compiler until a patched version of the kernel is available.