CVE-2024-50123

Summary

In the Linux kernel, the following vulnerability has been resolved:

bpf: Add the missing BPF_LINK_TYPE invocation for sockmap

There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmap link fd. Fix it by adding the missing BPF_LINK_TYPE invocation for sockmap link

Also add comments for bpf_link_type to prevent missing updates in the future.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux699c23f02c65cbfc3e638f14ce0d70c23a2e1f02 < 6d79f12c0ce2bc8ff5f109093df1734bd6450615affected
LinuxLinux699c23f02c65cbfc3e638f14ce0d70c23a2e1f02 < c2f803052bc7a7feb2e03befccc8e49b6ff1f5f5affected
LinuxLinux6.10affected
LinuxLinux0 < 6.10unaffected
LinuxLinux6.11.6 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References