CVE-2024-50262
Published: Nov 9, 2024
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths from the root to leaves. For example, consider a trie with max_prefixlen is 8, and the nodes with key 0x00/0, 0x00/1, 0x00/2, ... 0x00/8 inserted. Subsequent calls to trie_get_next_key with _key with .prefixlen = 8 make 9 nodes be written on the node stack with size 8.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected b471f2f1de8b816f1e799b80aa92588f3566e4bd - < e8494ac079814a53fbc2258d2743e720907488edaffected b471f2f1de8b816f1e799b80aa92588f3566e4bd - < 91afbc0eb3c90258ae378ae3c6ead3d2371e926daffected b471f2f1de8b816f1e799b80aa92588f3566e4bd - < 590976f921723d53ac199c01d5b7b73a94875e68affected b471f2f1de8b816f1e799b80aa92588f3566e4bd - < 86c8ebe02d8806dd8878d0063e8e185622ab6ea6affected b471f2f1de8b816f1e799b80aa92588f3566e4bd - < a035df0b98df424559fd383e8e1a268f422ea2ba+3 more versions |
Linux | Linux | affected 4.16unaffected 0 - < 4.16unaffected 4.19.323 - <= 4.19.*unaffected 5.4.285 - <= 5.4.*unaffected 5.10.229 - <= 5.10.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now