Impact
An issue in the bpf subsystem of the Linux kernel can cause a slab-out-of-bounds read. A bpf program calling bpf_tail_call with an index larger than max_entries can potentially pass the verifier. After that, it will cause an out-of-bounds access in the x86 JIT compiler. The root cause is that tnum_range over-approximates the range of concrete values.
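The over-approximation named above, shown as an added example (not Talos or kernel source): a userspace re-implementation of the value/mask construction behind tnum_range, compared against an exact `index < max_entries` test. The helper names `fls64_u`, `tnum_contains` and `count_overapprox` and the sample max_entries values are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Tristate number: bits set in mask are unknown, all others equal value. */
struct tnum { uint64_t value, mask; };

/* 1-based position of the highest set bit; 0 when x == 0. */
static int fls64_u(uint64_t x)
{
    int n = 0;
    while (x) { n++; x >>= 1; }
    return n;
}

/* Smallest tnum covering [min, max]: every bit at or below the highest
 * bit in which min and max differ becomes unknown. */
static struct tnum tnum_range(uint64_t min, uint64_t max)
{
    int bits = fls64_u(min ^ max);
    uint64_t delta;
    if (bits > 63)                      /* 1ULL << 64 is undefined */
        return (struct tnum){ 0, UINT64_MAX };
    delta = (1ULL << bits) - 1;
    return (struct tnum){ min & ~delta, delta };
}

/* Does the tnum admit the concrete value x? */
static int tnum_contains(struct tnum t, uint64_t x)
{
    return (x & ~t.mask) == t.value;
}

/* Indices below limit that tnum_range(0, max_entries - 1) admits even
 * though an exact "index < max_entries" check rejects them.
 * Requires max_entries >= 1. */
static unsigned count_overapprox(uint32_t max_entries, uint64_t limit)
{
    struct tnum t = tnum_range(0, (uint64_t)max_entries - 1);
    unsigned n = 0;
    for (uint64_t i = 0; i < limit; i++)
        if (tnum_contains(t, i) && i >= max_entries)
            n++;
    return n;
}

int main(void)
{
    uint32_t sizes[] = { 1, 3, 4, 5, 8 };   /* constructed sample sizes */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("max_entries=%u extra=%u\n", sizes[i], count_overapprox(sizes[i], 64));
    return 0;
}
```

The tnum is exact only when max_entries is a power of two; for any other size it admits every index up to the next power of two minus one, which is why a range check has to compare against the concrete bound.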
Patches
The fix has been backported to version 5.15.64 of the upstream Linux kernel (5.15 is the upstream long-term kernel version Talos ships with). Talos >= v1.2.0 ships with Linux kernel 5.15.64, which fixes the above issue.
Workarounds
It's recommended to upgrade.
References
For more information