CVE-2024-50203

Published: Nov 8, 2024

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf, arm64: Fix address emission with tag-based KASAN enabled

When BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_image struct on the stack is passed during the size calculation pass and an address on the heap is passed during code generation. This may cause a heap buffer overflow if the heap address is tagged because emit_a64_mov_i64() will emit longer code than it did during the size calculation pass. The same problem could occur without tag-based KASAN if one of the 16-bit words of the stack address happened to be all-ones during the size calculation pass.

Fix the problem by assuming the worst case (4 instructions) when calculating the size of the bpf_tramp_image address emission.
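The size mismatch described above can be reproduced with a small model; this is an added example, not kernel code. It assumes a MOVZ/MOVN-plus-MOVK encoding in which the instruction count equals the number of 16-bit words that differ from the filler word, and all function names and addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define WORST_CASE_INSNS 4 /* one instruction per 16-bit word of a 64-bit value */

/* Constructed sample addresses (not taken from a real system). */
#define STACK_ADDR      0xffff80008abc7d40ULL /* untagged, top word all-ones */
#define STACK_ADDR_ONES 0xffff8000ffff7d40ULL /* a second word is all-ones   */
#define HEAP_ADDR       0xffff0008c1a2b300ULL /* untagged heap address       */
#define HEAP_ADDR_TAG   0xf5ff0008c1a2b300ULL /* same address, tag 0xf5 in top byte */

/* Count the 16-bit words of val that differ from filler (0x0000 or 0xffff). */
static int words_differing(uint64_t val, uint16_t filler)
{
    int n = 0;
    for (int shift = 0; shift < 64; shift += 16)
        n += ((val >> shift) & 0xffff) != filler;
    return n;
}

/* Model: MOVZ (zero filler) or MOVN (ones filler), then one MOVK per other non-filler word. */
static int mov_i64_insns(uint64_t val)
{
    int movz = words_differing(val, 0x0000);
    int movn = words_differing(val, 0xffff);
    int n = movn < movz ? movn : movz;
    return n ? n : 1; /* 0 and ~0 still need one instruction */
}

/* Instructions emitted beyond what the sizing pass reserved (0 means it fits). */
static int overrun_insns(uint64_t sizing_addr, uint64_t codegen_addr, int worst_case_sizing)
{
    int reserved = worst_case_sizing ? WORST_CASE_INSNS : mov_i64_insns(sizing_addr);
    int emitted = mov_i64_insns(codegen_addr);
    return emitted > reserved ? emitted - reserved : 0;
}

int main(void)
{
    printf("stack %d insns, tagged heap %d insns\n",
           mov_i64_insns(STACK_ADDR), mov_i64_insns(HEAP_ADDR_TAG));
    printf("sized by stack address: overrun %d insns (tagged heap), %d (all-ones word)\n",
           overrun_insns(STACK_ADDR, HEAP_ADDR_TAG, 0),
           overrun_insns(STACK_ADDR_ONES, HEAP_ADDR, 0));
    printf("sized as worst case:    overrun %d insns, %d\n",
           overrun_insns(STACK_ADDR, HEAP_ADDR_TAG, 1),
           overrun_insns(STACK_ADDR_ONES, HEAP_ADDR, 1));
    return 0;
}
```

Each A64 instruction is 4 bytes, so an overrun of one instruction in this model corresponds to 4 bytes written past the buffer that the sizing pass measured.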

Vendor: Linux
Product: Linux
Versions:

affected: 077149478497b2f00ff4fd9da2c892defa6418d8 - < 9e80f366ebfdfafc685fe83a84c34f7ef01cbe88
affected: d9664e6ff040798a46cdc5d401064f55b8676c83 - < f521c2a0c0c4585f36d912bf62c852b88682c4f2
affected: 19d3c179a37730caf600a97fed3794feac2b197b - < 7db1a2121f3c7903b8e397392beec563c3d00950
affected: 19d3c179a37730caf600a97fed3794feac2b197b - < a552e2ef5fd1a6c78267cd4ec5a9b49aa11bbb1c
affected: 6d218fcc707d6b2c3616b6cd24b948fd4825cfec

+1 more versions

Vendor: Linux
Product: Linux
Versions:

affected: 6.11
unaffected: 0 - < 6.11
unaffected: 6.11.6 - <= 6.11.*
unaffected: 6.12 - <= *