CVE-2024-58070 (GCVE-0-2024-58070)
Vulnerability from cvelistv5
Published
2025-03-06 15:54
Modified
2025-10-01 19:36
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT In PREEMPT_RT, kmalloc(GFP_ATOMIC) is still not safe in non preemptible context. bpf_mem_alloc must be used in PREEMPT_RT. This patch is to enforce bpf_mem_alloc in the bpf_local_storage when CONFIG_PREEMPT_RT is enabled. [ 35.118559] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 35.118566] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1832, name: test_progs [ 35.118569] preempt_count: 1, expected: 0 [ 35.118571] RCU nest depth: 1, expected: 1 [ 35.118577] INFO: lockdep is turned off. ... [ 35.118647] __might_resched+0x433/0x5b0 [ 35.118677] rt_spin_lock+0xc3/0x290 [ 35.118700] ___slab_alloc+0x72/0xc40 [ 35.118723] __kmalloc_noprof+0x13f/0x4e0 [ 35.118732] bpf_map_kzalloc+0xe5/0x220 [ 35.118740] bpf_selem_alloc+0x1d2/0x7b0 [ 35.118755] bpf_local_storage_update+0x2fa/0x8b0 [ 35.118784] bpf_sk_storage_get_tracing+0x15a/0x1d0 [ 35.118791] bpf_prog_9a118d86fca78ebb_trace_inet_sock_set_state+0x44/0x66 [ 35.118795] bpf_trace_run3+0x222/0x400 [ 35.118820] __bpf_trace_inet_sock_set_state+0x11/0x20 [ 35.118824] trace_inet_sock_set_state+0x112/0x130 [ 35.118830] inet_sk_state_store+0x41/0x90 [ 35.118836] tcp_set_state+0x3b3/0x640 There is no need to adjust the gfp_flags passing to the bpf_mem_cache_alloc_flags() which only honors the GFP_KERNEL. The verifier has ensured GFP_KERNEL is passed only in sleepable context. It has been an old issue since the first introduction of the bpf_local_storage ~5 years ago, so this patch targets the bpf-next. bpf_mem_alloc is needed to solve it, so the Fixes tag is set to the commit when bpf_mem_alloc was first used in the bpf_local_storage.
References
Impacted products
Vendor Product Version
Linux Linux Version: 08a7ce384e33e53e0732c500a8af67a73f8fceca
Version: 08a7ce384e33e53e0732c500a8af67a73f8fceca
Version: 08a7ce384e33e53e0732c500a8af67a73f8fceca
Version: 08a7ce384e33e53e0732c500a8af67a73f8fceca
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-58070",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:27:34.371519Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-667",
                "description": "CWE-667 Improper Locking",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:36:36.533Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/bpf_local_storage.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3392fa605d7c5708c5fbe02e4fbdac547c3b7352",
              "status": "affected",
              "version": "08a7ce384e33e53e0732c500a8af67a73f8fceca",
              "versionType": "git"
            },
            {
              "lessThan": "b0027500000dfcb8ee952557d565064cea22c43e",
              "status": "affected",
              "version": "08a7ce384e33e53e0732c500a8af67a73f8fceca",
              "versionType": "git"
            },
            {
              "lessThan": "c1d398a3af7e59d7fef351c84fed7ebb575d1f1a",
              "status": "affected",
              "version": "08a7ce384e33e53e0732c500a8af67a73f8fceca",
              "versionType": "git"
            },
            {
              "lessThan": "8eef6ac4d70eb1f0099fff93321d90ce8fa49ee1",
              "status": "affected",
              "version": "08a7ce384e33e53e0732c500a8af67a73f8fceca",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/bpf_local_storage.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.76",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.13",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.2",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT\n\nIn PREEMPT_RT, kmalloc(GFP_ATOMIC) is still not safe in non preemptible\ncontext. bpf_mem_alloc must be used in PREEMPT_RT. This patch is\nto enforce bpf_mem_alloc in the bpf_local_storage when CONFIG_PREEMPT_RT\nis enabled.\n\n[   35.118559] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[   35.118566] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1832, name: test_progs\n[   35.118569] preempt_count: 1, expected: 0\n[   35.118571] RCU nest depth: 1, expected: 1\n[   35.118577] INFO: lockdep is turned off.\n    ...\n[   35.118647]  __might_resched+0x433/0x5b0\n[   35.118677]  rt_spin_lock+0xc3/0x290\n[   35.118700]  ___slab_alloc+0x72/0xc40\n[   35.118723]  __kmalloc_noprof+0x13f/0x4e0\n[   35.118732]  bpf_map_kzalloc+0xe5/0x220\n[   35.118740]  bpf_selem_alloc+0x1d2/0x7b0\n[   35.118755]  bpf_local_storage_update+0x2fa/0x8b0\n[   35.118784]  bpf_sk_storage_get_tracing+0x15a/0x1d0\n[   35.118791]  bpf_prog_9a118d86fca78ebb_trace_inet_sock_set_state+0x44/0x66\n[   35.118795]  bpf_trace_run3+0x222/0x400\n[   35.118820]  __bpf_trace_inet_sock_set_state+0x11/0x20\n[   35.118824]  trace_inet_sock_set_state+0x112/0x130\n[   35.118830]  inet_sk_state_store+0x41/0x90\n[   35.118836]  tcp_set_state+0x3b3/0x640\n\nThere is no need to adjust the gfp_flags passing to the\nbpf_mem_cache_alloc_flags() which only honors the GFP_KERNEL.\nThe verifier has ensured GFP_KERNEL is passed only in sleepable context.\n\nIt has been an old issue since the first introduction of the\nbpf_local_storage ~5 years ago, so this patch targets the bpf-next.\n\nbpf_mem_alloc is needed to solve it, so the Fixes tag is set\nto the commit when bpf_mem_alloc was first used in the bpf_local_storage."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:09:17.543Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3392fa605d7c5708c5fbe02e4fbdac547c3b7352"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0027500000dfcb8ee952557d565064cea22c43e"
        },
        {
          "url": "https://git.kernel.org/stable/c/c1d398a3af7e59d7fef351c84fed7ebb575d1f1a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8eef6ac4d70eb1f0099fff93321d90ce8fa49ee1"
        }
      ],
      "title": "bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-58070",
    "datePublished": "2025-03-06T15:54:10.166Z",
    "dateReserved": "2025-03-06T15:52:09.182Z",
    "dateUpdated": "2025-10-01T19:36:36.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-58070\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-03-06T16:15:53.480\",\"lastModified\":\"2025-10-01T20:18:12.857\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT\\n\\nIn PREEMPT_RT, kmalloc(GFP_ATOMIC) is still not safe in non preemptible\\ncontext. bpf_mem_alloc must be used in PREEMPT_RT. This patch is\\nto enforce bpf_mem_alloc in the bpf_local_storage when CONFIG_PREEMPT_RT\\nis enabled.\\n\\n[   35.118559] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\\n[   35.118566] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1832, name: test_progs\\n[   35.118569] preempt_count: 1, expected: 0\\n[   35.118571] RCU nest depth: 1, expected: 1\\n[   35.118577] INFO: lockdep is turned off.\\n    ...\\n[   35.118647]  __might_resched+0x433/0x5b0\\n[   35.118677]  rt_spin_lock+0xc3/0x290\\n[   35.118700]  ___slab_alloc+0x72/0xc40\\n[   35.118723]  __kmalloc_noprof+0x13f/0x4e0\\n[   35.118732]  bpf_map_kzalloc+0xe5/0x220\\n[   35.118740]  bpf_selem_alloc+0x1d2/0x7b0\\n[   35.118755]  bpf_local_storage_update+0x2fa/0x8b0\\n[   35.118784]  bpf_sk_storage_get_tracing+0x15a/0x1d0\\n[   35.118791]  bpf_prog_9a118d86fca78ebb_trace_inet_sock_set_state+0x44/0x66\\n[   35.118795]  bpf_trace_run3+0x222/0x400\\n[   35.118820]  __bpf_trace_inet_sock_set_state+0x11/0x20\\n[   35.118824]  trace_inet_sock_set_state+0x112/0x130\\n[   35.118830]  inet_sk_state_store+0x41/0x90\\n[   35.118836]  tcp_set_state+0x3b3/0x640\\n\\nThere is no need to adjust the gfp_flags passing to the\\nbpf_mem_cache_alloc_flags() which only honors the GFP_KERNEL.\\nThe verifier has ensured GFP_KERNEL is passed only in sleepable context.\\n\\nIt has been an old issue since the first introduction of the\\nbpf_local_storage ~5 years ago, so this patch targets the bpf-next.\\n\\nbpf_mem_alloc is needed to solve it, so the Fixes tag is set\\nto the commit when bpf_mem_alloc was first used in the bpf_local_storage.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad:  bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT In PREEMPT_RT, kmalloc(GFP_ATOMIC) is still not safe in non preemptible context. bpf_mem_alloc must be used in PREEMPT_RT. This patch is to enforce bpf_mem_alloc in the bpf_local_storage when CONFIG_PREEMPT_RT is enabled. [ 35.118559] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 35.118566] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1832, name: test_progs [ 35.118569] preempt_count: 1, expected: 0 [ 35.118571] RCU nest depth: 1, expected: 1 [ 35.118577] INFO: lockdep is turned off. ... [ 35.118647] __might_resched+0x433/0x5b0 [ 35.118677] rt_spin_lock+0xc3/0x290 [ 35.118700] ___slab_alloc+0x72/0xc40 [ 35.118723] __kmalloc_noprof+0x13f/0x4e0 [ 35.118732] bpf_map_kzalloc+0xe5/0x220 [ 35.118740] bpf_selem_alloc+0x1d2/0x7b0 [ 35.118755] bpf_local_storage_update+0x2fa/0x8b0 [ 35.118784] bpf_sk_storage_get_tracing+0x15a/0x1d0 [ 35.118791] bpf_prog_9a118d86fca78ebb_trace_inet_sock_set_state+0x44/0x66 [ 35.118795] bpf_trace_run3+0x222/0x400 [ 35.118820] __bpf_trace_inet_sock_set_state+0x11/0x20 [ 35.118824] trace_inet_sock_set_state+0x112/0x130 [ 35.118830] inet_sk_state_store+0x41/0x90 [ 35.118836] tcp_set_state+0x3b3/0x640 No es necesario ajustar el gfp_flags que se pasa a bpf_mem_cache_alloc_flags() que solo respeta el GFP_KERNEL. El verificador se ha asegurado de que GFP_KERNEL se pase solo en un contexto en el que se pueda dormir. Ha sido un problema antiguo desde la primera introducci\u00f3n de bpf_local_storage hace unos 5 a\u00f1os, por lo que este parche apunta a bpf-next. Se necesita bpf_mem_alloc para resolverlo, por lo que la etiqueta Fixes se establece en el commit cuando bpf_mem_alloc se utiliz\u00f3 por primera vez en bpf_local_storage.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4\",\"versionEndExcluding\":\"6.6.76\",\"matchCriteriaId\":\"C6A28F1A-2CCA-4B18-AA73-20D184A7D477\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.13\",\"matchCriteriaId\":\"2897389C-A8C3-4D69-90F2-E701B3D66373\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.13.2\",\"matchCriteriaId\":\"6D4116B1-1BFD-4F23-BA84-169CC05FC5A3\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3392fa605d7c5708c5fbe02e4fbdac547c3b7352\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8eef6ac4d70eb1f0099fff93321d90ce8fa49ee1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b0027500000dfcb8ee952557d565064cea22c43e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c1d398a3af7e59d7fef351c84fed7ebb575d1f1a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.