CVE-2024-46754
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Remove tst_run from lwt_seg6local_prog_ops.
The syzbot reported that the lwt_seg6 related BPF ops can be invoked via bpf_test_run() without without entering input_action_end_bpf() first.
Martin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL probably didn't work since it was introduced in commit 04d4b274e2a ("ipv6: sr: Add seg6local action End.BPF"). The reason is that the per-CPU variable seg6_bpf_srh_states::srh is never assigned in the self test case but each BPF function expects it.
Remove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 004d4b274e2a1a895a0e5dc66158b90a7d463d44 < 9cd15511de7c619bbd0f54bb3f28e6e720ded5d6 | affected |
| Linux | Linux | 004d4b274e2a1a895a0e5dc66158b90a7d463d44 < c13fda93aca118b8e5cd202e339046728ee7dddb | affected |
| Linux | Linux | 4.18 | affected |
| Linux | Linux | 0 < 4.18 | unaffected |
| Linux | Linux | 6.10.10 <= 6.10.* | unaffected |
| Linux | Linux | 6.11 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6
- https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.