CVE-2024-27050
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-27050
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27050.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-27050
- Related
- Published
- 2024-05-01T13:15:50Z
- Modified
- 2024-09-18T03:26:08.860853Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
libbpf: Use OPTSSET() macro in bpfxdp_query()
When the featureflags and xdpzcmaxsegs fields were added to the libbpf bpfxdpqueryopts, the code writing them did not use the OPTSSET() macro. This causes libbpf to write to those fields unconditionally, which means that programs compiled against an older version of libbpf (with a smaller size of the bpfxdpquery_opts struct) will have its stack corrupted by libbpf writing out of bounds.
The patch adding the featureflags field has an early bail out if the featureflags field is not part of the opts struct (via the OPTSHAS) macro, but the patch adding xdpzcmaxsegs does not. For consistency, this fix just changes the assignments to both fields to use the OPTS_SET() macro.
- References
-
- https://git.kernel.org/stable/c/682ddd62abd4bdcee7584246903e7a2df005fe0d
- https://git.kernel.org/stable/c/92a871ab9fa59a74d013bc04f321026a057618e7
- https://git.kernel.org/stable/c/cd3be9843247edb8fc6fcd8d8237cbce2bc19f5e
- https://git.kernel.org/stable/c/fa5bef5e80c6a3321b2b1a7070436f3bc5daf07c
- https://security-tracker.debian.org/tracker/CVE-2024-27050
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.7.12-1