CVE-2024-38574
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-38574
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38574.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-38574
- Downstream
- Published
- 2024-06-19T13:35:39Z
- Modified
- 2025-10-21T22:29:10.694913Z
- Summary
- libbpf: Prevent null-pointer dereference when prog to load has no BTF
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
libbpf: Prevent null-pointer dereference when prog to load has no BTF
In bpfobjecloadprog(), there's no guarantee that obj->btf is non-NULL when passing it to btffd(), and this function does not perform any check before dereferencing its argument (as bpfobjectbtf_fd() used to do). As a consequence, we get segmentation fault errors in bpftool (for example) when trying to load programs that come without BTF information.
v2: Keep btffd() in the fix instead of reverting to bpfobjectbtffd().
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddf7c3f7d3a3ddab31ca8cfa9b86a8729ec43fd2eFixedef80b59acfa4dee4b5eaccb15572b69248831104
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddf7c3f7d3a3ddab31ca8cfa9b86a8729ec43fd2eFixed1fd91360a75833b7110af9834ae26c977e1273e0
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddf7c3f7d3a3ddab31ca8cfa9b86a8729ec43fd2eFixed9bf48fa19a4b1d186e08b20bf7e5de26a15644fb
Affected versions
v6.*
v6.7
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.10
v6.8.11
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "tools/lib/bpf/libbpf.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"96359129477840524100769262177533839984",
"316792540094855732782627653329915212598",
"153812118696919346589186120327156592157",
"217259694787710755560497040472710860063",
"231153187777229342482534410103594593603",
"126306221705599879831923119999268105605",
"28370649929950347145827168595995270762",
"336509943113712206934858510785359161122",
"197174030922154535898200817952621810334",
"313153927905161879456216015485235170773",
"299334772993575709636452112634419061802",
"82102706902332080489424684732579493227"
]
},
"deprecated": false,
"id": "CVE-2024-38574-01fa8a60",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1fd91360a75833b7110af9834ae26c977e1273e0"
},
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "tools/lib/bpf/libbpf.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"96359129477840524100769262177533839984",
"316792540094855732782627653329915212598",
"153812118696919346589186120327156592157",
"217259694787710755560497040472710860063",
"231153187777229342482534410103594593603",
"126306221705599879831923119999268105605",
"28370649929950347145827168595995270762",
"336509943113712206934858510785359161122",
"197174030922154535898200817952621810334",
"313153927905161879456216015485235170773",
"299334772993575709636452112634419061802",
"82102706902332080489424684732579493227"
]
},
"deprecated": false,
"id": "CVE-2024-38574-1f2b0b55",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9bf48fa19a4b1d186e08b20bf7e5de26a15644fb"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"function": "bpf_object_load_prog",
"file": "tools/lib/bpf/libbpf.c"
},
"digest": {
"function_hash": "74634949824627693131469832275439372115",
"length": 3877.0
},
"deprecated": false,
"id": "CVE-2024-38574-5ae3ddd5",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9bf48fa19a4b1d186e08b20bf7e5de26a15644fb"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"function": "bpf_object_load_prog",
"file": "tools/lib/bpf/libbpf.c"
},
"digest": {
"function_hash": "74634949824627693131469832275439372115",
"length": 3877.0
},
"deprecated": false,
"id": "CVE-2024-38574-cbd8f3fa",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1fd91360a75833b7110af9834ae26c977e1273e0"
},
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "tools/lib/bpf/libbpf.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"96359129477840524100769262177533839984",
"316792540094855732782627653329915212598",
"153812118696919346589186120327156592157",
"217259694787710755560497040472710860063",
"231153187777229342482534410103594593603",
"126306221705599879831923119999268105605",
"28370649929950347145827168595995270762",
"336509943113712206934858510785359161122",
"197174030922154535898200817952621810334",
"313153927905161879456216015485235170773",
"299334772993575709636452112634419061802",
"82102706902332080489424684732579493227"
]
},
"deprecated": false,
"id": "CVE-2024-38574-e9be5705",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ef80b59acfa4dee4b5eaccb15572b69248831104"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"function": "bpf_object_load_prog",
"file": "tools/lib/bpf/libbpf.c"
},
"digest": {
"function_hash": "65860747895466668105558496321343251776",
"length": 3766.0
},
"deprecated": false,
"id": "CVE-2024-38574-f9cc34e7",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ef80b59acfa4dee4b5eaccb15572b69248831104"
}
]