In the Linux kernel, the following vulnerability has been resolved:
bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable
Test case dummy_st_ops/dummy_init_ret_value passes NULL as the first
parameter of the test_1() function. Mark this parameter as nullable to
make verifier aware of such possibility.
Otherwise, NULL check in the test_1() code:
SEC("struct_ops/test_1")
int BPF_PROG(test_1, struct bpf_dummy_ops_state *state)
{
if (!state)
return ...;
... access state ...
}
Might be removed by verifier, thus triggering NULL pointer dereference
under certain conditions.
References
Configurations
History
09 Dec 2024, 23:09
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
First Time |
Linux linux Kernel
Linux |
|
References | () https://git.kernel.org/stable/c/1479eaff1f16983d8fda7c5a08a586c21891087d - Patch | |
References | () https://git.kernel.org/stable/c/7f79097b0de97a486b137b750d7dd7b20b519d23 - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CWE | CWE-476 |
Information
Published : 2024-07-30 08:15
Updated : 2024-12-09 23:09
NVD link : CVE-2024-42151
Mitre link : CVE-2024-42151
CVE.ORG link : CVE-2024-42151
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-476
NULL Pointer Dereference