CVE-2024-47728

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47728
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47728.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47728
Published
2024-10-21T12:14:01Z
Modified
2025-10-15T16:56:22.170460Z
Summary
bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error

For all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input arguments, zero the value for the case of an error as otherwise it could leak memory. For tracing, it is not needed given CAP_PERFMON can already read all kernel memory anyway hence bpf_get_func_arg() and bpf_get_func_ret() is skipped in here.

Also, the MTU helpers mtu_len pointer value is being written but also read. Technically, the MEM_UNINIT should not be there in order to always force init. Removing MEM_UNINIT needs more verifier rework though: MEM_UNINIT right now implies two things actually: i) write into memory, ii) memory does not have to be initialized. If we lift MEM_UNINIT, it then becomes: i) read into memory, ii) memory must be initialized. This means that for bpf_*_check_mtu() we're readding the issue we're trying to fix, that is, it would then be able to write back into things like .rodata BPF maps. Follow-up work will rework the MEM_UNINIT semantics such that the intent can be better expressed. For now just clear the *mtu_len on error path which can be lifted later again.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: d7a4cb9b6705a89937d12c8158a35a3145dc967a
  Fixed: 8397bf78988f3ae9dbebb0200189a62a57264980

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: d7a4cb9b6705a89937d12c8158a35a3145dc967a
  Fixed: a634fa8e480ac2423f86311a602f6295df2c8ed0

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: d7a4cb9b6705a89937d12c8158a35a3145dc967a
  Fixed: 599d15b6d03356a97bff7a76155c5604c42a2962

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: d7a4cb9b6705a89937d12c8158a35a3145dc967a
  Fixed: 594a9f5a8d2de2573a856e506f77ba7dd2cefc6a

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: d7a4cb9b6705a89937d12c8158a35a3145dc967a
  Fixed: 4b3786a6c5397dc220b1483d8e2f4867743e966f

Affected versions

v5.*

v5.1
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.100
v6.1.101
v6.1.102
v6.1.103
v6.1.104
v6.1.105
v6.1.106
v6.1.107
v6.1.108
v6.1.109
v6.1.11
v6.1.110
v6.1.111
v6.1.112
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.1.91
v6.1.92
v6.1.93
v6.1.94
v6.1.95
v6.1.96
v6.1.97
v6.1.98
v6.1.99
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.10
v6.10.11
v6.10.12
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.10.7
v6.10.8
v6.10.9
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type: ECOSYSTEM
Events:
  Introduced: 5.2.0
  Fixed: 6.1.113

Type: ECOSYSTEM
Events:
  Introduced: 6.2.0
  Fixed: 6.6.54

Type: ECOSYSTEM
Events:
  Introduced: 6.7.0
  Fixed: 6.10.13

Type: ECOSYSTEM
Events:
  Introduced: 6.11.0
  Fixed: 6.11.2