CVE-2024-26884

EPSS 0.01%
Veröffentlicht 17.04.2024 11:15:10
Zuletzt bearbeitet 21.11.2024 09:03:17
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix hashtab overflow check on 32-bit arches

The hashtab code relies on roundup_pow_of_two() to compute the number of
hash buckets, and contains an overflow check by checking if the
resulting value is 0. However, on 32-bit arches, the roundup code itself
can overflow by doing a 32-bit left-shift of an unsigned long value,
which is undefined behaviour, so it is not guaranteed to truncate
neatly. This was triggered by syzbot on the DEVMAP_HASH type, which
contains the same check, copied from the hashtab code. So apply the same
fix to hashtab, by moving the overflow check to before the roundup.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.19 < 4.19.311

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.273

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.214

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.153

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.83

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.23

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.11

Linux ≫ Linux Kernel Version >= 6.8 < 6.8.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.019

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

https://git.kernel.org/stable/c/33ec04cadb77605b71d9298311919303d390c4d5

Patch

https://git.kernel.org/stable/c/3b08cfc65f07b1132c1979d73f014ae6e04de55d

Patch

https://git.kernel.org/stable/c/64f00b4df0597590b199b62a37a165473bf658a6

Patch

https://git.kernel.org/stable/c/6787d916c2cf9850c97a0a3f73e08c43e7d973b1

Patch

https://git.kernel.org/stable/c/8435f0961bf3dc65e204094349bd9aeaac1f8868

Patch