Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2024-27050
HistoryMay 01, 2024 - 1:15 p.m.

CVE-2024-27050

2024-05-0113:15:50
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
55
linux kernel
libbpf
vulnerability
update
patch
nvd

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:

libbpf: Use OPTS_SET() macro in bpf_xdp_query()

When the feature_flags and xdp_zc_max_segs fields were added to the libbpf
bpf_xdp_query_opts, the code writing them did not use the OPTS_SET() macro.
This causes libbpf to write to those fields unconditionally, which means
that programs compiled against an older version of libbpf (with a smaller
size of the bpf_xdp_query_opts struct) will have its stack corrupted by
libbpf writing out of bounds.

The patch adding the feature_flags field has an early bail out if the
feature_flags field is not part of the opts struct (via the OPTS_HAS)
macro, but the patch adding xdp_zc_max_segs does not. For consistency, this
fix just changes the assignments to both fields to use the OPTS_SET()
macro.

Affected configurations

Vulners
Node
linuxlinux_kernelRange6.66.6.23
OR
linuxlinux_kernelRange6.7.06.7.11
OR
linuxlinux_kernelRange6.8.06.8.2
OR
linuxlinux_kernelRange6.9.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "tools/lib/bpf/netlink.c"
    ],
    "versions": [
      {
        "version": "13ce2daa259a",
        "lessThan": "fa5bef5e80c6",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "13ce2daa259a",
        "lessThan": "682ddd62abd4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "13ce2daa259a",
        "lessThan": "cd3be9843247",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "13ce2daa259a",
        "lessThan": "92a871ab9fa5",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "tools/lib/bpf/netlink.c"
    ],
    "versions": [
      {
        "version": "6.6",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.6",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.23",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.7.11",
        "lessThanOrEqual": "6.7.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8.2",
        "lessThanOrEqual": "6.8.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

cvelist 1
ubuntucve 1
redhatcve 1
nvd 1
vulnrichment 1
debiancve 1
osv 4
openvas 4
nessus 6
ubuntu 4
cvelist
cvelist
CVE-2024-27050 libbpf: Use OPTS_SET() macro in bpf_xdp_query()
2024-05-01 12:54:35
ubuntucve
ubuntucve
CVE-2024-27050
2024-05-01 00:00:00
redhatcve
redhatcve
CVE-2024-27050
2024-05-01 20:58:30
nvd
nvd
CVE-2024-27050
2024-05-01 13:15:50
vulnrichment
vulnrichment
CVE-2024-27050 libbpf: Use OPTS_SET() macro in bpf_xdp_query()
2024-05-01 12:54:35
debiancve
debiancve
CVE-2024-27050
2024-05-01 13:15:50
osv
osv
linux, linux-ibm, linux-lowlatency, linux-raspi vulnerabilities
2024-06-07 18:18:31
linux-oem-6.8 vulnerabilities
2024-06-10 19:28:08
linux-azure, linux-gke vulnerabilities
2024-06-14 17:24:38
openvas
openvas
Ubuntu: Security Advisory (USN-6817-1)
2024-06-10 00:00:00
Ubuntu: Security Advisory (USN-6817-2)
2024-06-11 00:00:00
Ubuntu: Security Advisory (USN-6816-1)
2024-06-10 00:00:00
nessus
nessus
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-3)
2024-06-14 00:00:00
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6816-1)
2024-06-07 00:00:00
Ubuntu 24.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6817-2)
2024-06-10 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-06-07 00:00:00
Linux kernel (OEM) vulnerabilities
2024-06-11 00:00:00
Linux kernel vulnerabilities
2024-06-14 00:00:00

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON
Related for CVE-2024-27050
cvelist1ubuntucve1redhatcve1nvd1vulnrichment1debiancve1osv4openvas4nessus6ubuntu4