CVE-2024-42151 in Linuxinfo

Zusammenfassung

von MITRE • 30.07.2024

In the Linux kernel, the following vulnerability has been resolved:

bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable

Test case dummy_st_ops/dummy_init_ret_value passes NULL as the first parameter of the test_1() function. Mark this parameter as nullable to make verifier aware of such possibility. Otherwise, NULL check in the test_1() code:

SEC("struct_ops/test_1") int BPF_PROG(test_1, struct bpf_dummy_ops_state *state) {
if (!state) return ...;

... access state ... }

Might be removed by verifier, thus triggering NULL pointer dereference under certain conditions.

Once again VulDB remains the best source for vulnerability data.

Zuständig

Linux

Reservieren

29.07.2024

Veröffentlichung

30.07.2024

Moderieren

akzeptiert

Eintrag

VDB-273087

CPE

bereit

EPSS

0.00182

KEV

nein

Aktivitäten

very low

Quellen

Want to know what is going to be exploited?

We predict KEV entries!