Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2024-45020
HistorySep 11, 2024 - 3:13 p.m.

CVE-2024-45020 bpf: Fix a kernel verifier crash in stacksafe()

2024-09-1115:13:54
Linux
www.cve.org
3
linux kernel
kernel verifier crash
bpf vulnerability
stacksafe
memory access

EPSS

0

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix a kernel verifier crash in stacksafe()

Daniel Hodges reported a kernel verifier crash when playing with sched-ext.
Further investigation shows that the crash is due to invalid memory access
in stacksafe(). More specifically, it is the following code:

if (exact != NOT_EXACT &&
    old->stack[spi].slot_type[i % BPF_REG_SIZE] !=
    cur->stack[spi].slot_type[i % BPF_REG_SIZE])
        return false;

The ‘i’ iterates old->allocated_stack.
If cur->allocated_stack < old->allocated_stack the out-of-bound
access will happen.

To fix the issue add ‘i >= cur->allocated_stack’ check such that if
the condition is true, stacksafe() should fail. Otherwise,
cur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "kernel/bpf/verifier.c"
    ],
    "versions": [
      {
        "version": "ab470fefce28",
        "lessThan": "7cad3174cc79",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "2793a8b015f7",
        "lessThan": "6e3987ac310c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "2793a8b015f7",
        "lessThan": "bed2eb964c70",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "kernel/bpf/verifier.c"
    ],
    "versions": [
      {
        "version": "6.7",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.7",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.48",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10.7",
        "lessThanOrEqual": "6.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.11",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

cve 1
nvd 1
debiancve 1
osv 1
cve
cve
CVE-2024-45020
2024-09-11 16:15:07
nvd
nvd
CVE-2024-45020
2024-09-11 16:15:07
debiancve
debiancve
CVE-2024-45020
2024-09-11 16:15:07
osv
osv
CVE-2024-45020
2024-09-11 16:15:07

EPSS

0

Percentile

5.1%

JSON
Related for CVELIST:CVE-2024-45020
cve1nvd1debiancve1osv1