CVE-2024-49987
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpftool: Fix undefined behavior in qsort(NULL, 0, …)
When netfilter has no entry to display, qsort is called with qsort(NULL, 0, …). This results in undefined behavior, as UBSan reports:
net.c:827:2: runtime error: null pointer passed as argument 1, which is declared to never be null
Although the C standard does not explicitly state whether calling qsort with a NULL pointer when the size is 0 constitutes undefined behavior, Section 7.1.4 of the C standard (Use of library functions) mentions:
"Each of the following statements applies unless explicitly stated otherwise in the detailed descriptions that follow: If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer, or a pointer to non-modifiable storage when the corresponding parameter is not const-qualified) or a type (after promotion) not expected by a function with variable number of arguments, the behavior is undefined."
To avoid this, add an early return when nf_link_info is NULL to prevent calling qsort with a NULL pointer.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d0fe92fb5e3df6991c640fb9205d880b68603259 < c2d9f9a7837ab29ccae0c42252f17d436bf0a501 | affected |
| Linux | Linux | d0fe92fb5e3df6991c640fb9205d880b68603259 < 2e0f6f33f2aa87493b365a38a8fd87b8854b7734 | affected |
| Linux | Linux | d0fe92fb5e3df6991c640fb9205d880b68603259 < c208b02827eb642758cef65641995fd3f38c89af | affected |
| Linux | Linux | d0fe92fb5e3df6991c640fb9205d880b68603259 < f04e2ad394e2755d0bb2d858ecb5598718bf00d5 | affected |
| Linux | Linux | 6.4 | affected |
| Linux | Linux | 0 < 6.4 | unaffected |
| Linux | Linux | 6.6.55 <= 6.6.* | unaffected |
| Linux | Linux | 6.10.14 <= 6.10.* | unaffected |
| Linux | Linux | 6.11.3 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/c2d9f9a7837ab29ccae0c42252f17d436bf0a501
- https://git.kernel.org/stable/c/2e0f6f33f2aa87493b365a38a8fd87b8854b7734
- https://git.kernel.org/stable/c/c208b02827eb642758cef65641995fd3f38c89af
- https://git.kernel.org/stable/c/f04e2ad394e2755d0bb2d858ecb5598718bf00d5
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.