PT-2024-11304 · Linux+1 · Linux Kernel+1

Published: 2021-07-09 · Updated: 2024-12-26 · CVE-2021-47303

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.12.0+

Description

A use-after-free vulnerability has been identified in the bpf (Berkeley Packet Filter) subsystem of the Linux kernel. Subprograms call `map_poke_track()` but never call `map_poke_untrack()` when the program is released. As a result, the aux memory and the poke descriptor table are freed while the map still holds a reference to them. The freed memory is then accessed in `prog_array_map_poke_run()`, which triggers a KASAN (Kernel Address Sanitizer) report. The root cause is improper management of poke descriptor tables for subprograms, which do not follow the same logic as other data structures such as BTF `func_info` and `linfo`. The fix removes the per-subprogram poke table allocation and map tracking and instead points the `aux->poke_tab` pointer at the main program's poke table, which simplifies map tracking and avoids double-freeing issues.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, for Linux kernel versions prior to 5.12.0+, update to version 5.12.0 or later. As a temporary workaround, consider disabling the bpf subsystem or restricting its use until a patched version can be applied. This may have significant performance and functionality implications and should be weighed against specific system requirements and constraints.
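
As an added example (not part of the original advisory or any vendor tooling), the shell helper below triages a host against the recommendation above: it compares the running kernel release with the 5.12.0 threshold stated on this page and reads the `kernel.unprivileged_bpf_disabled` sysctl. The function names and verdict strings are assumptions of this example, and because distribution kernels may carry backported fixes, the version comparison is a heuristic only.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and verdict strings are hypothetical.
FIXED="5.12.0"   # threshold as stated in this advisory

# kver_lt A B: succeed if release A is numerically older than release B.
# Suffixes such as "-28-amd64" or "+" are ignored; fields compare as numbers,
# so 5.9.x correctly sorts before 5.12.x.
kver_lt() {
    awk -v a="${1%%[-+]*}" -v b="${2%%[-+]*}" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# assess RELEASE SYSCTL_VALUE: print one verdict word.
# kernel.unprivileged_bpf_disabled: 0 = unprivileged bpf() allowed,
# 1 or 2 = bpf() requires privilege.
assess() {
    if ! kver_lt "$1" "$FIXED"; then
        echo "not-listed"; return 0
    fi
    case "$2" in
        1|2) echo "affected-restricted" ;;
        0)   echo "affected-exposed" ;;
        *)   echo "affected-unknown" ;;   # sysctl missing or unreadable
    esac
}

# check_host: apply the assessment to the machine this script runs on.
check_host() {
    rel=$(uname -r)
    val=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo unknown)
    echo "$rel unprivileged_bpf_disabled=$val -> $(assess "$rel" "$val")"
}

check_host
```

A verdict of `affected-restricted` only means unprivileged users cannot call `bpf()`; privileged users still can, so updating the kernel remains the actual fix.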

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-07322
CVE-2021-47303

Affected Products

Astra Linux
Linux Kernel