CVE-2024-26589: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-26589 is a vulnerability in the Linux kernel's BPF subsystem that affects the handling of variable offset arithmetic on PTR_TO_FLOW_KEYS. The vulnerability was discovered in January 2024 and affects Linux kernel versions from 4.20 through 6.7.2. The issue arises because check_flow_keys_access() only uses fixed offset for validation, while variable offset pointer arithmetic is not prohibited for this pointer kind, leading to potential out-of-bounds access (NVD).

The vulnerability exists in the BPF verifier's handling of PTR_TO_FLOW_KEYS pointer arithmetic. When processing variable offset arithmetic operations, the verifier fails to properly validate the offset, allowing programs to perform unchecked pointer arithmetic. This can lead to out-of-bounds memory access. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements but high impact potential (NVD).

The vulnerability can lead to out-of-bounds memory access, potentially causing system crashes or memory exposure. When exploited, it can trigger kernel page faults and system crashes, as demonstrated by proof-of-concept code that causes a page fault at invalid memory addresses. This could result in denial of service conditions or potentially allow an attacker to read or write to unauthorized memory locations (Kernel Patch).

The vulnerability has been patched in the Linux kernel by adding validation that rejects pointer arithmetic with variable offsets on flow_keys. The fix has been backported to multiple stable kernel versions. Systems should be updated to patched versions that include this fix. The patch rejects potentially dangerous programs with the error message 'R7 pointer arithmetic on flow_keys prohibited' (Kernel Patch).