CVE-2024-50203

Published Nov 8, 2024

Last updated 3 months ago

CVSS high 7.8

Overview

Description
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix address emission with tag-based KASAN enabled When BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_image struct on the stack is passed during the size calculation pass and an address on the heap is passed during code generation. This may cause a heap buffer overflow if the heap address is tagged because emit_a64_mov_i64() will emit longer code than it did during the size calculation pass. The same problem could occur without tag-based KASAN if one of the 16-bit words of the stack address happened to be all-ones during the size calculation pass. Fix the problem by assuming the worst case (4 instructions) when calculating the size of the bpf_tramp_image address emission.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

nvd@nist.gov
CWE-787

Social media

Hype score
Not currently trending

  1. CVE-2024-50203 Heap Buffer Overflow Fix in Linux Kernel's BPF with KASAN In the Linux kernel, a vulnerability has been fixed: This issue is with bpf and arm64 when tag-based KASAN is on. If BPF_TRAMP_F_CALL_ORIG... https://t.co/pri4tGXJxD

    @VulmonFeeds

    8 Nov 2024

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-50203 In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix address emission with tag-based KASAN enabled When BPF_TRAMP_F_CALL_ORIG is enab… https://t.co/ONFuwosgRb

    @CVEnew

    8 Nov 2024

    475 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References