In the Linux kernel, the following vulnerability has been resolved:
bpf: Check the remaining info_cnt before repeating btf fields
When trying to repeat the btf fields for array of nested struct, it doesn't check the remaining info_cnt. The following splat will be reported when the value of ret * nelems is greater than BTF_FIELDS_MAX:
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in ../kernel/bpf/btf.c:3951:49
index 11 is out of range for type 'btf_field_info [11]'
CPU: 6 UID: 0 PID: 411 Comm: test_progs ...... 6.11.0-rc4+ #1 Tainted: [O]=OOT_MODULE
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ...
Call Trace:
 <TASK>
 dump_stack_lvl+0x57/0x70
 dump_stack+0x10/0x20
 ubsan_epilogue+0x9/0x40
 __ubsan_handle_out_of_bounds+0x6f/0x80
 ? kallsyms_lookup_name+0x48/0xb0
 btf_parse_fields+0x992/0xce0
 map_create+0x591/0x770
 __sys_bpf+0x229/0x2410
 __x64_sys_bpf+0x1f/0x30
 x64_sys_call+0x199/0x9f0
 do_syscall_64+0x3b/0xc0
 entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7fea56f2cc5d
......
 </TASK>
---[ end trace ]---
Fix it by checking the remaining info_cnt in btf_repeat_fields() before repeating the btf fields.
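The check the fix adds is a capacity test before a multiplicative copy: the parsed fields of one array element (`ret` of them) are replicated `nelems` times into a fixed-size table, so the copy must be refused when `ret * nelems` exceeds the free slots. The following is an added, constructed model of that pattern, not the kernel's btf.c code: `struct field_info`, `repeat_fields_checked()` and `repeat_would_overflow()` are hypothetical stand-ins for `struct btf_field_info` and `btf_repeat_fields()`, and `FIELDS_MAX` is set to 11 only because the splat reports an array of type `btf_field_info [11]`.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for BTF_FIELDS_MAX; 11 is taken from the splat's
 * 'btf_field_info [11]', not from any header. */
#define FIELDS_MAX 11

/* Hypothetical, reduced stand-in for struct btf_field_info. */
struct field_info {
	uint32_t type;
	uint32_t off;
};

/* True when replicating `ret` fields `nelems` times would not fit into the
 * `remaining` free slots. This is the check the unpatched path lacked; the
 * product is taken in 64 bits so the comparison itself cannot wrap. */
static bool repeat_would_overflow(uint32_t ret, uint32_t nelems, uint32_t remaining)
{
	return (uint64_t)ret * nelems > remaining;
}

/* Hardened repeat: `info` has capacity `info_cnt` and its first `ret` entries
 * describe one array element. Appends (nelems - 1) further copies of those
 * entries, each shifted by elem_size, and returns the new total count, or
 * -E2BIG when the copies would run past the table. Without the capacity test
 * the writes at index >= info_cnt are exactly what UBSAN reported. */
static int repeat_fields_checked(struct field_info *info, uint32_t info_cnt,
				 uint32_t ret, uint32_t nelems, uint32_t elem_size)
{
	if (ret == 0 || nelems == 0)
		return (int)ret;
	if (repeat_would_overflow(ret, nelems, info_cnt))
		return -E2BIG;
	for (uint32_t e = 1; e < nelems; e++) {
		for (uint32_t i = 0; i < ret; i++) {
			info[e * ret + i].type = info[i].type;
			info[e * ret + i].off  = info[i].off + e * elem_size;
		}
	}
	return (int)(ret * nelems);
}

int main(void)
{
	/* Constructed input: two fields parsed for a 16-byte struct element. */
	struct field_info info[FIELDS_MAX] = { { 1, 0 }, { 2, 8 } };

	/* 2 fields x 5 elements = 10 entries: fits in 11 slots. */
	int n = repeat_fields_checked(info, FIELDS_MAX, 2, 5, 16);
	printf("nelems=5 -> %d entries, last off=%u\n", n, info[9].off);

	/* 2 fields x 6 elements = 12 entries: refused instead of overrunning. */
	n = repeat_fields_checked(info, FIELDS_MAX, 2, 6, 16);
	printf("nelems=6 -> %d (%s)\n", n, n == -E2BIG ? "-E2BIG" : "ok");
	return 0;
}
```

The table is sized at compile time and the count of copies comes from untrusted BTF, so the only safe order of operations is: compute the required size in a width that cannot wrap, compare it against what is actually free, and fail with an error code before the first copy is written.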