CVE-2024-49850

Severity: MEDIUM · EPSS 10.8%
Published Oct 21, 2024 · Last Modified Jun 17, 2026
CVSS 3.1 base score: 5.5 (Medium)

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos

In case of a malformed relocation record of kind BPF_CORE_TYPE_ID_LOCAL referencing a non-existing BTF type, function bpf_core_calc_relo_insn would cause a null pointer dereference. Fix this by adding a proper check higher up in the call stack, as malformed relocation records could be passed from user space.

Simplest reproducer is a program:

    r0 = 0
    exit

With a single relocation record:

    .insn_off = 0,            /* patch first instruction */
    .type_id = 100500,        /* this type id does not exist */
    .access_str_off = 6,      /* offset of string "0" */
    .kind = BPF_CORE_TYPE_ID_LOCAL,

See the link for original reproducer or next commit for a test case.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
10.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476: NULL Pointer Dereference (Memory Safety)

Affected Products 4

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.17  –  <6.1.113
linux    linux_kernel   *         ≥6.2   –  <6.6.54
linux    linux_kernel   *         ≥6.7   –  <6.10.13
linux    linux_kernel   *         ≥6.11  –  <6.11.2

References 6

  • git.kernel.org https://git.kernel.org/stable/c/2288b54b96dcb55bedebcef3572bb8821fc5e708
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3d2786d65aaa954ebd3fcc033ada433e10da21c4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/584cd3ff792e1edbea20b2a7df55897159b0be3e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dc7ce14f00bcd50641f2110b7a32aa6552e0780f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e7e9c5b2dda29067332df2a85b0141a92b41f218
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
