CVE-2024-36918

EPSS 0.02%
Veröffentlicht 30.05.2024 16:15:15
Zuletzt bearbeitet 17.09.2025 22:18:22
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

bpf: Check bloom filter map value size

This patch adds a missing check to bloom filter creating, rejecting
values above KMALLOC_MAX_SIZE. This brings the bloom map in line with
many other map types.

The lack of this protection can cause kernel crashes for value sizes
that overflow int's. Such a crash was caught by syzkaller. The next
patch adds more guard-rails at a lower level.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.91

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.31

Linux ≫ Linux Kernel Version >= 6.7 < 6.8.10

Linux ≫ Linux Kernel Version6.9 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.04

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c

Patch

https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687

Patch

https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d

Patch

https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-36918

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-36918

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-36918

EUVD