CVE-2024-49850
Published: Oct 21, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos In case of malformed relocation record of kind BPF_CORE_TYPE_ID_LOCAL referencing a non-existing BTF type, function bpf_core_calc_relo_insn would cause a null pointer deference. Fix this by adding a proper check upper in call stack, as malformed relocation records could be passed from user space. Simplest reproducer is a program: r0 = 0 exit With a single relocation record: .insn_off = 0, /* patch first instruction */ .type_id = 100500, /* this type id does not exist */ .access_str_off = 6, /* offset of string "0" */ .kind = BPF_CORE_TYPE_ID_LOCAL, See the link for original reproducer or next commit for a test case.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 74753e1462e77349525daf9eb60ea21ed92d3a97 - < dc7ce14f00bcd50641f2110b7a32aa6552e0780faffected 74753e1462e77349525daf9eb60ea21ed92d3a97 - < 2288b54b96dcb55bedebcef3572bb8821fc5e708affected 74753e1462e77349525daf9eb60ea21ed92d3a97 - < 584cd3ff792e1edbea20b2a7df55897159b0be3eaffected 74753e1462e77349525daf9eb60ea21ed92d3a97 - < e7e9c5b2dda29067332df2a85b0141a92b41f218affected 74753e1462e77349525daf9eb60ea21ed92d3a97 - < 3d2786d65aaa954ebd3fcc033ada433e10da21c4 |
Linux | Linux | affected 5.17unaffected 0 - < 5.17unaffected 6.1.113 - <= 6.1.*unaffected 6.6.54 - <= 6.6.*unaffected 6.10.13 - <= 6.10.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now