CVE-2024-50165

bpf: Preserve param->string when parsing mount options

Severity Score (CVSS): -

Public Exploits (Multiple Sources): 0

Exploited in Wild (KEV): -

Decision (SSVC): -

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

bpf: Preserve param->string when parsing mount options

In bpf_parse_param(), keep the value of param->string intact so it can
be freed later. Otherwise, the kmalloc area pointed to by param->string
will be leaked as shown below:

unreferenced object 0xffff888118c46d20 (size 8):
comm "new_name", pid 12109, jiffies 4295580214
hex dump (first 8 bytes):
61 6e 79 00 38 c9 5c 7e any.8.\~
backtrace (crc e1b7f876):
[<00000000c6848ac7>] kmemleak_alloc+0x4b/0x80
[<00000000de9f7d00>] __kmalloc_node_track_caller_noprof+0x36e/0x4a0
[<000000003e29b886>] memdup_user+0x32/0xa0
[<0000000007248326>] strndup_user+0x46/0x60
[<0000000035b3dd29>] __x64_sys_fsconfig+0x368/0x3d0
[<0000000018657927>] x64_sys_call+0xff/0x9f0
[<00000000c0cabc95>] do_syscall_64+0x3b/0xc0
[<000000002f331597>] entry_SYSCALL_64_after_hwframe+0x4b/0x53

*Credits: N/A
CVSS Scores
Attack Vector: -
Attack Complexity: -
Privileges Required: -
User Interaction: -
Scope: -
Confidentiality: -
Integrity: -
Availability: -
* Common Vulnerability Scoring System
SSVC
Decision: -
Exploitation: -
Automatable: -
Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2024-10-21 CVE Reserved
  • 2024-11-07 CVE Published
  • 2024-11-07 CVE Updated
  • ---------- EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
Affected Vendors, Products, and Versions
Vendor  Product       Version            Other  Status
Linux   Linux Kernel  >= 6.9 < 6.11.6    en     Affected
Linux   Linux Kernel  >= 6.9 < 6.12-rc5  en     Affected