CVE-2024-36918

bpf: Check bloom filter map value size

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

bpf: Check bloom filter map value size

This patch adds a missing check to bloom filter creating, rejecting
values above KMALLOC_MAX_SIZE. This brings the bloom map in line with
many other map types.

The lack of this protection can cause kernel crashes for value sizes
that overflow int's. Such a crash was caught by syzkaller. The next
patch adds more guard-rails at a lower level.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bpf: Verificar el tamaño del valor del mapa del filtro de floración. Este parche agrega una verificación faltante para la creación del filtro de floración, rechazando valores superiores a KMALLOC_MAX_SIZE. Esto alinea el mapa de floración con muchos otros tipos de mapas. La falta de esta protección puede provocar fallas del kernel para tamaños de valores que desbordan los de int. Syzkaller captó tal accidente. El siguiente parche agrega más barandillas en un nivel inferior.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-30 CVE Reserved
2024-05-30 CVE Published
2024-05-31 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3	2024-05-17
https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c	2024-05-17
https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d	2024-05-17
https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687	2024-03-27

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.91 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.91"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.31 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.31"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.8.10 Search vendor "Linux" for product "Linux Kernel" and version " < 6.8.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.9 Search vendor "Linux" for product "Linux Kernel" and version " < 6.9"		en		Affected