CVE-2024-43838

In the Linux kernel, the following vulnerability has been resolved: bpf: fix overflow check in adjust_jmp_off() adjust_jmp_off() incorrectly used the insn->imm field for all overflow check, which is incorrect as that should only be done or the BPF_JMP32 | BPF_JA case, not the general jump instruction case. Fix it by using insn->off for overflow check in the general case.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

29 Oct 2024, 16:24

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/345652866a8869825a2a582ee5a28d75141f184a - () https://git.kernel.org/stable/c/345652866a8869825a2a582ee5a28d75141f184a - Patch
References () https://git.kernel.org/stable/c/4a04b4f0de59dd5c621e78f15803ee0b0544eeb8 - () https://git.kernel.org/stable/c/4a04b4f0de59dd5c621e78f15803ee0b0544eeb8 - Patch
First Time Linux linux Kernel
Linux
CWE CWE-190
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

19 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bpf: corrigió la verificación de desbordamiento en ajustar_jmp_off() ajuste_jmp_off() usó incorrectamente el campo insn->imm para toda la verificación de desbordamiento, lo cual es incorrecto ya que eso solo debe hacerse o el BPF_JMP32 | Caso BPF_JA, no el caso de instrucción de salto general. Solucionelo usando insn->off para verificar el desbordamiento en el caso general.

17 Aug 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-17 10:15

Updated : 2024-10-29 16:24


NVD link : CVE-2024-43838

Mitre link : CVE-2024-43838

CVE.ORG link : CVE-2024-43838


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-190

Integer Overflow or Wraparound