Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveLinuxCVE-2024-43840
HistoryAug 17, 2024 - 10:15 a.m.

CVE-2024-43840

2024-08-1710:15:09
Linux
web.nvd.nist.gov
31
linux kernel
bpf
arm64
trampoline function
vulnerability
fix
kernel crash

AI Score

6.6

Confidence

Low

EPSS

0

Percentile

9.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG

When BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls
__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them
the struct bpf_tramp_image *im pointer as an argument in R0.

The trampoline generation code uses emit_addr_mov_i64() to emit
instructions for moving the bpf_tramp_image address into R0, but
emit_addr_mov_i64() assumes the address to be in the vmalloc() space
and uses only 48 bits. Because bpf_tramp_image is allocated using
kzalloc(), its address can use more than 48-bits, in this case the
trampoline will pass an invalid address to __bpf_tramp_enter/exit()
causing a kernel crash.

Fix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()
as it can work with addresses that are greater than 48-bits.

Affected configurations

Vulners
Node
linuxlinux_kernelRange6.06.10.3
OR
linuxlinux_kernelRange6.11.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/arm64/net/bpf_jit_comp.c"
    ],
    "versions": [
      {
        "version": "efc9909fdce0",
        "lessThan": "6d218fcc707d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "efc9909fdce0",
        "lessThan": "19d3c179a377",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/arm64/net/bpf_jit_comp.c"
    ],
    "versions": [
      {
        "version": "6.0",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.0",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10.3",
        "lessThanOrEqual": "6.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.11",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

redhatcve 1
ubuntucve 1
osv 3
nvd 1
debiancve 1
vulnrichment 1
cvelist 1
nessus 2
redhatcve
redhatcve
CVE-2024-43840
2024-08-19 13:16:16
ubuntucve
ubuntucve
CVE-2024-43840
2024-08-17 00:00:00
osv
osv
CVE-2024-43840
2024-08-17 10:15:09
Security update for the Linux Kernel
2024-09-10 14:10:24
Security update for the Linux Kernel
2024-09-10 09:06:25
nvd
nvd
CVE-2024-43840
2024-08-17 10:15:09
debiancve
debiancve
CVE-2024-43840
2024-08-17 10:15:09
vulnrichment
vulnrichment
CVE-2024-43840 bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG
2024-08-17 09:21:55
cvelist
cvelist
CVE-2024-43840 bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG
2024-08-17 09:21:55
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3194-1)
2024-09-11 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3195-1)
2024-09-11 00:00:00

AI Score

6.6

Confidence

Low

EPSS

0

Percentile

9.5%

JSON
Related for CVE-2024-43840
redhatcve1ubuntucve1osv3nvd1debiancve1vulnrichment1cvelist1nessus2