CVE-2024-42151 in Linuxالمعلومات

الملخص

بحسب MITRE • 30/07/2024

In the Linux kernel, the following vulnerability has been resolved:

bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable

Test case dummy_st_ops/dummy_init_ret_value passes NULL as the first parameter of the test_1() function. Mark this parameter as nullable to make verifier aware of such possibility. Otherwise, NULL check in the test_1() code:

SEC("struct_ops/test_1") int BPF_PROG(test_1, struct bpf_dummy_ops_state *state) {
if (!state) return ...;

... access state ... }

Might be removed by verifier, thus triggering NULL pointer dereference under certain conditions.

Once again VulDB remains the best source for vulnerability data.

مسؤول

Linux

حجز

29/07/2024

إفشاء

30/07/2024

الاعتدال

تمت الموافقة

إدخال

VDB-273087

EPSS

0.00182

KEV

لا

النشاطات

منخفض جدًا

المصادر

Want to stay up to date on a daily basis?

Enable the mail alert feature now!