CVE-2024-35903
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/bpf: Fix IP after emitting call depth accounting
Adjust the IP passed to emit_patch so it calculates the correct offset
for the CALL instruction if x86_call_depth_emit_accounting emits code.
Otherwise we will skip some instructions and most likely crash.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | b2e9dfe54be4d023124d588d6f03d16a9c0d2507 < 3f9d57c771656bfd651e22edcfdb5f60e62542d4 | affected |
| Linux | Linux | b2e9dfe54be4d023124d588d6f03d16a9c0d2507 < 81166178cf0a0062a22b1b3b5368183d39577028 | affected |
| Linux | Linux | b2e9dfe54be4d023124d588d6f03d16a9c0d2507 < 9d98aa088386aee3db1b7b60b800c0fde0654a4a | affected |
| Linux | Linux | 6.2 | affected |
| Linux | Linux | 0 < 6.2 | unaffected |
| Linux | Linux | 6.6.26 <= 6.6.* | unaffected |
| Linux | Linux | 6.8.5 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/3f9d57c771656bfd651e22edcfdb5f60e62542d4
- https://git.kernel.org/stable/c/81166178cf0a0062a22b1b3b5368183d39577028
- https://git.kernel.org/stable/c/9d98aa088386aee3db1b7b60b800c0fde0654a4a
References
- https://git.kernel.org/stable/c/3f9d57c771656bfd651e22edcfdb5f60e62542d4
- https://git.kernel.org/stable/c/81166178cf0a0062a22b1b3b5368183d39577028
- https://git.kernel.org/stable/c/9d98aa088386aee3db1b7b60b800c0fde0654a4a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.