In the Linux kernel, the following vulnerability has been resolved:
bpf, arm64: Fix address emission with tag-based KASAN enabled
When BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_image
struct on the stack is passed during the size calculation pass and
an address on the heap is passed during code generation. This may
cause a heap buffer overflow if the heap address is tagged because
emit_a64_mov_i64() will emit longer code than it did during the size
calculation pass. The same problem could occur without tag-based
KASAN if one of the 16-bit words of the stack address happened to
be all-ones during the size calculation pass. Fix the problem by
assuming the worst case (4 instructions) when calculating the size
of the bpf_tramp_image address emission.
References
Configurations
Configuration 1 (hide)
|
History
19 Nov 2024, 16:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | () https://git.kernel.org/stable/c/7db1a2121f3c7903b8e397392beec563c3d00950 - Patch | |
References | () https://git.kernel.org/stable/c/a552e2ef5fd1a6c78267cd4ec5a9b49aa11bbb1c - Patch | |
CWE | CWE-787 | |
First Time |
Linux linux Kernel
Linux |
08 Nov 2024, 19:01
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
08 Nov 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-08 06:15
Updated : 2024-11-19 16:16
NVD link : CVE-2024-50203
Mitre link : CVE-2024-50203
CVE.ORG link : CVE-2024-50203
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-787
Out-of-bounds Write