{"id":"CVE-2024-58237","summary":"bpf: consider that tail calls invalidate packet pointers","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: consider that tail calls invalidate packet pointers\n\nTail-called programs could execute any of the helpers that invalidate\npacket pointers. Hence, conservatively assume that each tail call\ninvalidates packet pointers.\n\nMaking the change in bpf_helper_changes_pkt_data() automatically makes\nuse of check_cfg() logic that computes 'changes_pkt_data' effect for\nglobal sub-programs, such that the following program could be\nrejected:\n\n    int tail_call(struct __sk_buff *sk)\n    {\n    \tbpf_tail_call_static(sk, &jmp_table, 0);\n    \treturn 0;\n    }\n\n    SEC(\"tc\")\n    int not_safe(struct __sk_buff *sk)\n    {\n    \tint *p = (void *)(long)sk-\u003edata;\n    \t... make p valid ...\n    \ttail_call(sk);\n    \t*p = 42; /* this is unsafe */\n    \t...\n    }\n\nThe tc_bpf2bpf.c:subprog_tc() needs change: mark it as a function that\ncan invalidate packet pointers. Otherwise, it can't be freplaced with\ntailcall_freplace.c:entry_freplace() that does a tail call.","modified":"2026-04-02T12:25:32.342351Z","published":"2025-05-05T14:53:34.153Z","related":["SUSE-SU-2025:01964-1","SUSE-SU-2025:01965-1","SUSE-SU-2025:02000-1","SUSE-SU-2025:02254-1","SUSE-SU-2025:02307-1","SUSE-SU-2025:02333-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:20408-1","SUSE-SU-2025:20413-1","SUSE-SU-2025:20419-1","SUSE-SU-2025:20421-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/58xxx/CVE-2024-58237.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1a4607ffba35bf2a630aab299e34dd3f6e658d70"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1c2244437f9ad3dd91215f920401a14f2542dbfc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f1692ee23dcaaddc24ba407b269707ee5df1301f"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/58xxx/CVE-2024-58237.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-58237"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"51c39bb1d5d105a02e29aa7960f0a395086e6342"},{"fixed":"f1692ee23dcaaddc24ba407b269707ee5df1301f"},{"fixed":"1c2244437f9ad3dd91215f920401a14f2542dbfc"},{"fixed":"1a4607ffba35bf2a630aab299e34dd3f6e658d70"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58237.json"}}],"schema_version":"1.7.5"}