CVE-2024-36481

Summary

In the Linux kernel, the following vulnerability has been resolved:

tracing/probes: fix error check in parse_btf_field()

btf_find_struct_member() might return NULL or an error via the ERR_PTR() macro. However, its caller in parse_btf_field() only checks for the NULL condition. Fix this by using IS_ERR() and returning the error up the stack.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc440adfbe30257dde905adc1fce51131145f7245 < ad4b202da2c498fefb69e5d87f67b946e7fe1e6aaffected
LinuxLinuxc440adfbe30257dde905adc1fce51131145f7245 < 4ed468edfeb54c7202e559eba74c25fac6a0dad0affected
LinuxLinuxc440adfbe30257dde905adc1fce51131145f7245 < e569eb34970281438e2b48a3ef11c87459fcfbcbaffected
LinuxLinux6.6affected
LinuxLinux0 < 6.6unaffected
LinuxLinux6.6.33 <= 6.6.*unaffected
LinuxLinux6.9.4 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References