5.5

CVE-2024-56720

bpf, sockmap: Several fixes to bpf_msg_pop_data

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Several fixes to bpf_msg_pop_data

Several fixes to bpf_msg_pop_data,
1. In sk_msg_shift_left, we should put_page
2. if (len == 0), return early is better
3. pop the entire sk_msg (last == msg->sg.size) should be supported
4. Fix for the value of variable "a"
5. In sk_msg_shift_left, after shifting, i has already pointed to the next
element. Addtional sk_msg_iter_var_next may result in BUG.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.0 < 5.4.287
LinuxLinux Kernel Version >= 5.5 < 5.10.231
LinuxLinux Kernel Version >= 5.11 < 5.15.174
LinuxLinux Kernel Version >= 5.16 < 6.1.120
LinuxLinux Kernel Version >= 6.2 < 6.6.64
LinuxLinux Kernel Version >= 6.7 < 6.11.11
LinuxLinux Kernel Version >= 6.12 < 6.12.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.134
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-193 Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/275a9f3ef8fabb0cb282a62b9e164dedba7284c5
Patch
https://git.kernel.org/stable/c/5d609ba262475db450ba69b8e8a557bd768ac07a
Patch
https://git.kernel.org/stable/c/785180bed9879680d8e5c5e1b54c8ae8d948f4c8
Patch
https://git.kernel.org/stable/c/98c7ea7d11f2588e8197db042e0291e4ac8f8346
Patch
https://git.kernel.org/stable/c/d26d977633d1d0b8bf9407278189bd0a8d973323
Patch
https://git.kernel.org/stable/c/d3f5763b3062514a234114e97bbde74d8d702449
Patch
https://git.kernel.org/stable/c/e1f54c61c4c9a5244eb8159dce60d248f7d97b32
Patch
https://git.kernel.org/stable/c/f58d3aa457e77a3d9b3df2ab081dcf9950f6029f
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html