{"id":"CVE-2024-47794","summary":"bpf: Prevent tailcall infinite loop caused by freplace","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tailcall infinite loop caused by freplace\n\nThere is a potential infinite loop issue that can occur when using a\ncombination of tail calls and freplace.\n\nIn an upcoming selftest, the attach target for entry_freplace of\ntailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in\nentry_freplace leads to entry_tc. This results in an infinite loop:\n\nentry_tc -\u003e subprog_tc -\u003e entry_freplace --tailcall-\u003e entry_tc.\n\nThe problem arises because the tail_call_cnt in entry_freplace resets to\nzero each time entry_freplace is executed, causing the tail call mechanism\nto never terminate, eventually leading to a kernel panic.\n\nTo fix this issue, the solution is twofold:\n\n1. Prevent updating a program extended by an freplace program to a\n   prog_array map.\n2. Prevent extending a program that is already part of a prog_array map\n   with an freplace program.\n\nThis ensures that:\n\n* If a program or its subprogram has been extended by an freplace program,\n  it can no longer be updated to a prog_array map.\n* If a program has been added to a prog_array map, neither it nor its\n  subprograms can be extended by an freplace program.\n\nMoreover, an extension program should not be tailcalled. As such, return\n-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a\nprog_array map.\n\nAdditionally, fix a minor code style issue by replacing eight spaces with a\ntab for proper formatting.","modified":"2026-04-02T12:20:31.064958Z","published":"2025-01-11T12:25:14.419Z","related":["SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:1177-1","SUSE-SU-2025:1178-1","SUSE-SU-2025:1180-1","SUSE-SU-2025:20190-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20260-1","SUSE-SU-2025:20270-1","USN-7379-2","USN-7380-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47794.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/987aa730bad3e1ef66d9f30182294daa78f6387d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d6083f040d5d8f8d748462c77e90547097df936e"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47794.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47794"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"be8704ff07d2374bcc5c675526f95e70c6459683"},{"fixed":"987aa730bad3e1ef66d9f30182294daa78f6387d"},{"fixed":"d6083f040d5d8f8d748462c77e90547097df936e"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47794.json"}}],"schema_version":"1.7.5"}