CVE-2024-45020

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45020
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45020.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-45020
Published
2024-09-11T15:13:54Z
Modified
2025-10-22T01:58:07.667504Z
Summary
bpf: Fix a kernel verifier crash in stacksafe()
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix a kernel verifier crash in stacksafe()

Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksafe(). More specifically, it is the following code:

if (exact != NOT_EXACT &&
    old->stack[spi].slot_type[i % BPF_REG_SIZE] !=
    cur->stack[spi].slot_type[i % BPF_REG_SIZE])
        return false;

The 'i' iterates old->allocated_stack. If cur->allocated_stack < old->allocated_stack the out-of-bound access will happen.

To fix the issue add 'i >= cur->allocated_stack' check such that if the condition is true, stacksafe() should fail. Otherwise, cur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ab470fefce2837e66b771c60858118d50bb5bb10
Fixed
7cad3174cc79519bf5f6c4441780264416822c08
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2793a8b015f7f1caadb9bce9c63dc659f7522676
Fixed
6e3987ac310c74bb4dd6a2fa8e46702fe505fb2b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2793a8b015f7f1caadb9bce9c63dc659f7522676
Fixed
bed2eb964c70b780fb55925892a74f26cb590b25

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.6
v6.6-rc6
v6.6-rc7
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures


Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.6.48
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.7