CVE-2024-35903

Summary

In the Linux kernel, the following vulnerability has been resolved:

x86/bpf: Fix IP after emitting call depth accounting

Adjust the IP passed to emit_patch so it calculates the correct offset for the CALL instruction if x86_call_depth_emit_accounting emits code. Otherwise we will skip some instructions and most likely crash.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb2e9dfe54be4d023124d588d6f03d16a9c0d2507 < 3f9d57c771656bfd651e22edcfdb5f60e62542d4affected
LinuxLinuxb2e9dfe54be4d023124d588d6f03d16a9c0d2507 < 81166178cf0a0062a22b1b3b5368183d39577028affected
LinuxLinuxb2e9dfe54be4d023124d588d6f03d16a9c0d2507 < 9d98aa088386aee3db1b7b60b800c0fde0654a4aaffected
LinuxLinux6.2affected
LinuxLinux0 < 6.2unaffected
LinuxLinux6.6.26 <= 6.6.*unaffected
LinuxLinux6.8.5 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References