Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveLinuxCVE-2024-43843
HistoryAug 17, 2024 - 10:15 a.m.

CVE-2024-43843

2024-08-1710:15:09
Linux
web.nvd.nist.gov
32
linux kernel
riscv
bpf
out-of-bounds issue

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

9.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

riscv, bpf: Fix out-of-bounds issue when preparing trampoline image

We get the size of the trampoline image during the dry run phase and
allocate memory based on that size. The allocated image will then be
populated with instructions during the real patch phase. But after
commit 26ef208c209a (“bpf: Use arch_bpf_trampoline_size”), the im
argument is inconsistent in the dry run and real patch phase. This may
cause emit_imm in RV64 to generate a different number of instructions
when generating the ‘im’ address, potentially causing out-of-bounds
issues. Let’s emit the maximum number of instructions for the “im”
address during dry run to fix this problem.

Affected configurations

Vulners
Node
linuxlinux_kernelRange6.86.10.3
OR
linuxlinux_kernelRange6.11.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/riscv/net/bpf_jit_comp64.c"
    ],
    "versions": [
      {
        "version": "26ef208c209a",
        "lessThan": "3e6a1b1b179a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "26ef208c209a",
        "lessThan": "9f1e16fb1fc9",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/riscv/net/bpf_jit_comp64.c"
    ],
    "versions": [
      {
        "version": "6.8",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.8",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10.3",
        "lessThanOrEqual": "6.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.11",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

cvelist 1
ubuntucve 1
vulnrichment 1
redhatcve 1
nvd 1
debiancve 1
osv 1
cvelist
cvelist
CVE-2024-43843 riscv, bpf: Fix out-of-bounds issue when preparing trampoline image
2024-08-17 09:21:57
ubuntucve
ubuntucve
CVE-2024-43843
2024-08-17 00:00:00
vulnrichment
vulnrichment
CVE-2024-43843 riscv, bpf: Fix out-of-bounds issue when preparing trampoline image
2024-08-17 09:21:57
redhatcve
redhatcve
CVE-2024-43843
2024-08-19 13:16:18
nvd
nvd
CVE-2024-43843
2024-08-17 10:15:09
debiancve
debiancve
CVE-2024-43843
2024-08-17 10:15:09
osv
osv
CVE-2024-43843
2024-08-17 10:15:09

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

9.5%

JSON
Related for CVE-2024-43843
cvelist1ubuntucve1vulnrichment1redhatcve1nvd1debiancve1osv1