In the Linux kernel, the following vulnerability has been resolved: libbpf:
Use OPTS_SET() macro in bpf_xdp_query() When the feature_flags and
xdp_zc_max_segs fields were added to the libbpf bpf_xdp_query_opts, the
code writing them did not use the OPTS_SET() macro. This causes libbpf to
write to those fields unconditionally, which means that programs compiled
against an older version of libbpf (with a smaller size of the
bpf_xdp_query_opts struct) will have its stack corrupted by libbpf writing
out of bounds. The patch adding the feature_flags field has an early bail
out if the feature_flags field is not part of the opts struct (via the
OPTS_HAS) macro, but the patch adding xdp_zc_max_segs does not. For
consistency, this fix just changes the assignments to both fields to use
the OPTS_SET() macro.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 24.04 | noarch | linux | < 6.8.0-35.35 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < 6.8.0-1009.9 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < 6.8.0-1008.8 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gcp | < 6.8.0-1008.9 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gke | < 6.8.0-1004.7 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-ibm | < 6.8.0-1006.6 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-lowlatency | < 6.8.0-35.35.1 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-oem-6.8 | < 6.8.0-1006.6 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-oracle | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-raspi | < 6.8.0-1005.5 | UNKNOWN |
git.kernel.org/linus/92a871ab9fa59a74d013bc04f321026a057618e7 (6.9-rc1)
git.kernel.org/stable/c/682ddd62abd4bdcee7584246903e7a2df005fe0d
git.kernel.org/stable/c/92a871ab9fa59a74d013bc04f321026a057618e7
git.kernel.org/stable/c/cd3be9843247edb8fc6fcd8d8237cbce2bc19f5e
git.kernel.org/stable/c/fa5bef5e80c6a3321b2b1a7070436f3bc5daf07c
launchpad.net/bugs/cve/CVE-2024-27050
nvd.nist.gov/vuln/detail/CVE-2024-27050
security-tracker.debian.org/tracker/CVE-2024-27050
ubuntu.com/security/notices/USN-6816-1
ubuntu.com/security/notices/USN-6817-1
ubuntu.com/security/notices/USN-6817-2
ubuntu.com/security/notices/USN-6817-3
www.cve.org/CVERecord?id=CVE-2024-27050