CVE-2024-42151

2024-07-3008:15:06

Google

osv.dev

linux kernel

vulnerability

bpf_dummy_struct_ops

AI Score

6.3

Confidence

Low

JSON

In the Linux kernel, the following vulnerability has been resolved:

bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable

Test case dummy_st_ops/dummy_init_ret_value passes NULL as the first
parameter of the test_1() function. Mark this parameter as nullable to
make verifier aware of such possibility.
Otherwise, NULL check in the test_1() code:

  SEC("struct_ops/test_1")
  int BPF_PROG(test_1, struct bpf_dummy_ops_state *state)
  {
        if (!state)
                return ...;

        ... access state ...
  }

Might be removed by verifier, thus triggering NULL pointer dereference
under certain conditions.