CVE-2024-26588: 
CBL Mariner vulnerability analysis and mitigation

A vulnerability in the Linux kernel's LoongArch BPF implementation has been identified and assigned CVE-2024-26588. The issue involves an out-of-bounds memory access vulnerability that occurs when handling BPF instructions on LoongArch systems. The vulnerability was discovered when the test_tag test triggered an unhandled page fault, specifically on systems with CONFIG_PAGE_SIZE_16KB enabled (Kernel Patch).

The vulnerability occurs in the build_insn() function of the LoongArch BPF JIT compiler, where it unconditionally attempts to access the next instruction's immediate value through '(insn + 1)->imm'. When handling a BPF program with 2039 instructions, this access can extend beyond the allocated page boundary, causing a page fault and subsequent system crash. The issue specifically manifests when the instruction pointer reaches the end of a page (0xffff80001b898000), attempting to access memory at address 0xffff80001b898004 (Kernel Patch).

When exploited, this vulnerability can lead to a kernel page fault and system crash (denial of service) on affected LoongArch systems. The issue particularly affects systems running the Linux kernel with LoongArch BPF support enabled (Kernel Patch).

The vulnerability has been patched by modifying the build_insn() function to only access the next instruction's immediate value within the specific context of 'dst = imm64'. The fix has been confirmed to resolve the issue, with the test_tag test successfully completing 40,945 tests after the patch application (Kernel Patch).