CVE-2024-46764

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-46764

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46764.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-46764

Downstream

BELL-CVE-2024-46764

DEBIAN-CVE-2024-46764

UBUNTU-CVE-2024-46764

Published

2024-09-18T07:12:23Z

Modified

2025-10-22T02:24:10.934824Z

Summary

bpf: add check for invalid name in btf_name_valid_section()

Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: add check for invalid name in btfnamevalid_section()

If the length of the name string is 1 and the value of name[0] is NULL byte, an OOB vulnerability occurs in btfnamevalid_section() and the return value is true, so the invalid name passes the check.

To solve this, you need to check if the first position is NULL byte and if the first character is printable.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

bd70a8fb7ca4fcb078086f4d96b048aaf1aa4786

Fixed

c8ffe2d4d37a05ce18c71b87421443c16f8475e5

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

bd70a8fb7ca4fcb078086f4d96b048aaf1aa4786

Fixed

bb6705c3f93bed2af03d43691743d4c43e3c8e6f

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.10.1

v6.10.2

v6.10.3

v6.10.4

v6.10.5

v6.10.6

v6.10.7

v6.10.8

v6.10.9

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.8

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.9.0

Fixed

6.10.10