CVE-2024-36918
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Check bloom filter map value size
This patch adds a missing check to bloom filter creating, rejecting values above KMALLOC_MAX_SIZE. This brings the bloom map in line with many other map types.
The lack of this protection can cause kernel crashes for value sizes that overflow int's. Such a crash was caught by syzkaller. The next patch adds more guard-rails at a lower level.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 9330986c03006ab1d33d243b7cfe598a7a3c1baa < fa6995eeb62e74b5a1480c73fb7b420c270784d3 | affected |
| Linux | Linux | 9330986c03006ab1d33d243b7cfe598a7a3c1baa < 608e13706c8b6c658a0646f09ebced74ec367f7c | affected |
| Linux | Linux | 9330986c03006ab1d33d243b7cfe598a7a3c1baa < c418afb9bf23e2f2b76cb819601e4a5d9dbab42d | affected |
| Linux | Linux | 9330986c03006ab1d33d243b7cfe598a7a3c1baa < a8d89feba7e54e691ca7c4efc2a6264fa83f3687 | affected |
| Linux | Linux | 5.16 | affected |
| Linux | Linux | 0 < 5.16 | unaffected |
| Linux | Linux | 6.1.91 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.31 <= 6.6.* | unaffected |
| Linux | Linux | 6.8.10 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3
- https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c
- https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d
- https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3
- https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c
- https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d
- https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.