CVE-2024-50262

bpf: Fix out-of-bounds write in trie_get_next_key()

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen,
while it writes (trie->max_prefixlen + 1) nodes to the stack when it has
full paths from the root to leaves. For example, consider a trie with
max_prefixlen is 8, and the nodes with key 0x00/0, 0x00/1, 0x00/2, ...
0x00/8 inserted. Subsequent calls to trie_get_next_key with _key with
.prefixlen = 8 make 9 nodes be written on the node stack with size 8.

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths from the root to leaves. For example, consider a trie with max_prefixlen is 8, and the nodes with key 0x00/0, 0x00/1, 0x00/2, ... 0x00/8 inserted. Subsequent calls to trie_get_next_key with _key with .prefixlen = 8 make 9 nodes be written on the node stack with size 8.

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-11-09 CVE Published
2024-12-19 CVE Updated
2025-03-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/b471f2f1de8b816f1e799b80aa92588f3566e4bd	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/e8494ac079814a53fbc2258d2743e720907488ed	2024-11-08
https://git.kernel.org/stable/c/91afbc0eb3c90258ae378ae3c6ead3d2371e926d	2024-11-08
https://git.kernel.org/stable/c/590976f921723d53ac199c01d5b7b73a94875e68	2024-11-08
https://git.kernel.org/stable/c/86c8ebe02d8806dd8878d0063e8e185622ab6ea6	2024-11-08
https://git.kernel.org/stable/c/a035df0b98df424559fd383e8e1a268f422ea2ba	2024-11-08
https://git.kernel.org/stable/c/90a6e0e1e151ef7a9282e78f54c3091de2dcc99c	2024-11-08
https://git.kernel.org/stable/c/c4b4f9a9ab82238cb158fa4fe61a8c0ae21a4980	2024-11-08
https://git.kernel.org/stable/c/13400ac8fb80c57c2bfb12ebd35ee121ce9b4d21	2024-10-29

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-50262	2024-12-19
https://bugzilla.redhat.com/show_bug.cgi?id=2324892	2024-12-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 4.19.323 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 4.19.323"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.4.285 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.4.285"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.10.229 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.10.229"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.15.171 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.15.171"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.1.116 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.1.116"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.6.60 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.6.60"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.11.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.11.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.12"		en		Affected