CVE-2024-50262

Summary

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix out-of-bounds write in trie_get_next_key()

trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths from the root to leaves. For example, consider a trie with max_prefixlen is 8, and the nodes with key 0x00/0, 0x00/1, 0x00/2, … 0x00/8 inserted. Subsequent calls to trie_get_next_key with _key with .prefixlen = 8 make 9 nodes be written on the node stack with size 8.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb471f2f1de8b816f1e799b80aa92588f3566e4bd < e8494ac079814a53fbc2258d2743e720907488edaffected
LinuxLinuxb471f2f1de8b816f1e799b80aa92588f3566e4bd < 91afbc0eb3c90258ae378ae3c6ead3d2371e926daffected
LinuxLinuxb471f2f1de8b816f1e799b80aa92588f3566e4bd < 590976f921723d53ac199c01d5b7b73a94875e68affected
LinuxLinuxb471f2f1de8b816f1e799b80aa92588f3566e4bd < 86c8ebe02d8806dd8878d0063e8e185622ab6ea6affected
LinuxLinuxb471f2f1de8b816f1e799b80aa92588f3566e4bd < a035df0b98df424559fd383e8e1a268f422ea2baaffected
LinuxLinuxb471f2f1de8b816f1e799b80aa92588f3566e4bd < 90a6e0e1e151ef7a9282e78f54c3091de2dcc99caffected
LinuxLinuxb471f2f1de8b816f1e799b80aa92588f3566e4bd < c4b4f9a9ab82238cb158fa4fe61a8c0ae21a4980affected
LinuxLinuxb471f2f1de8b816f1e799b80aa92588f3566e4bd < 13400ac8fb80c57c2bfb12ebd35ee121ce9b4d21affected
LinuxLinux4.16affected
LinuxLinux0 < 4.16unaffected
LinuxLinux4.19.323 <= 4.19.*unaffected
LinuxLinux5.4.285 <= 5.4.*unaffected
LinuxLinux5.10.229 <= 5.10.*unaffected
LinuxLinux5.15.171 <= 5.15.*unaffected
LinuxLinux6.1.116 <= 6.1.*unaffected
LinuxLinux6.6.60 <= 6.6.*unaffected
LinuxLinux6.11.7 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

Additional References

References