CVE-2024-58098: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability (CVE-2024-58098) was identified in the Linux kernel's BPF subsystem related to tracking the changes_pkt_data property for global functions. The issue was discovered and disclosed on May 5, 2025, affecting the Linux kernel's BPF verifier component (NVD, Wiz).

The vulnerability exists in the BPF verifier's handling of packet data pointers after calls to global functions. When processing helper function calls, the verifier invalidates packet pointers but fails to traverse global sub-programs during the verification process. This means that calls to helpers made from global sub-programs do not properly invalidate pointers in the caller state, leading to potential unsafe operations. The issue specifically affects the bpf_helper_changes_pkt_data() function in filter.c. According to Red Hat's assessment, this vulnerability has been assigned a CVSS v3 score of 5.5, indicating moderate severity (Red Hat).

The vulnerability could allow unsafe use of packet pointers after certain BPF helper calls, potentially leading to memory corruption or other security issues. The issue affects various Linux distributions including Red Hat Enterprise Linux 9, Ubuntu, and Debian systems (Red Hat).

The vulnerability has been resolved by implementing proper tracking of the changes_pkt_data property for global functions. The fix involves computing the bpf_subprog_info->changes_pkt_data field for each sub-program before the main verification pass, ensuring that packet pointer invalidation is properly propagated through global function calls (Wiz).