PT-2024-33995 · Linux+7 · Linux Kernel+7
Syzbot · Published 2024-11-07 · Updated 2025-10-03 · CVE-2024-50163
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.61
Description:
The issue arises from the shared use of the bpf_redirect_info struct between the SKB and XDP redirect paths in the Linux kernel, where the two paths utilize the same numeric flag values in the ri->flags field. Specifically, BPF_F_BROADCAST equals BPF_F_NEXTHOP, leading to confusion and potential crashes when skb bpf_redirect_neigh() is used with a non-NULL params argument followed by an XDP redirect using the same bpf_redirect_info struct. This has been triggered by syzbot, causing a crash. The patch resolves this by redefining flags to prevent overlap and adds a BUILD_BUG_ON() check to prevent re-introduction of the issue.
Recommendations:
For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider avoiding the use of skb bpf_redirect_neigh() with a non-NULL params argument when followed by an XDP redirect using the same bpf_redirect_info struct until the patch is applied.
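A userspace C model of the flag collision described above, added here as an example (it is not the kernel's code or the patch). The struct, function names and bit positions are assumptions chosen for illustration, and `_Static_assert` stands in for the kernel's BUILD_BUG_ON().

```c
#include <stdbool.h>
#include <stdint.h>

/* All bit positions below are illustrative assumptions, not copied from the patch. */

/* Flags the XDP redirect path interprets in the shared field. */
#define XDP_F_BROADCAST       (1ULL << 3)   /* stand-in for BPF_F_BROADCAST */
#define XDP_F_EXCLUDE_INGRESS (1ULL << 4)
#define XDP_FLAGS_MASK        (XDP_F_BROADCAST | XDP_F_EXCLUDE_INGRESS)

/* "Before": the SKB-internal next-hop flag reuses a bit the XDP path reads. */
#define OLD_F_NEXTHOP         (1ULL << 3)   /* stand-in for BPF_F_NEXTHOP */

/* "After": internal flags moved to a range the XDP flags never use. */
#define NEW_F_NEIGH           (1ULL << 16)
#define NEW_F_PEER            (1ULL << 17)
#define NEW_F_NEXTHOP         (1ULL << 18)
#define NEW_INTERNAL_MASK     (NEW_F_NEIGH | NEW_F_PEER | NEW_F_NEXTHOP)

/* Compile-time guard: the build fails if the two flag sets ever overlap again. */
_Static_assert((NEW_INTERNAL_MASK & XDP_FLAGS_MASK) == 0,
               "internal and XDP redirect flags overlap");

/* Stand-in for bpf_redirect_info: one flags field shared by both paths. */
struct redirect_info {
    uint64_t flags;
};

/* SKB path: a non-NULL params argument is recorded as the next-hop flag. */
static void skb_redirect_neigh(struct redirect_info *ri, uint64_t nexthop_flag,
                               bool have_params)
{
    ri->flags = have_params ? nexthop_flag : 0;
}

/* XDP path: reads the same field and treats bit 3 as "broadcast". */
static bool xdp_sees_broadcast(const struct redirect_info *ri)
{
    return (ri->flags & XDP_F_BROADCAST) != 0;
}

/* True if state left behind by the SKB path is misread by the XDP path. */
bool stale_flag_confuses_xdp(uint64_t nexthop_flag)
{
    struct redirect_info ri = { 0 };
    skb_redirect_neigh(&ri, nexthop_flag, true);
    return xdp_sees_broadcast(&ri);
}
```

With the overlapping value the XDP reader misinterprets the leftover SKB state; with the relocated value it does not, and the static assertion keeps any later flag change from reintroducing the overlap.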
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu