CVE-2024-46754

{"id": "CVE-2024-46754", "cveTags": [], "metrics": {}, "published": "2024-09-18T08:15:04.153", "references": [{"url": "https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn't work since it was introduced in commit 04d4b274e2a\n(\"ipv6: sr: Add seg6local action End.BPF\"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: eliminar tst_run de lwt_seg6local_prog_ops. El syzbot inform\u00f3 que las operaciones BPF relacionadas con lwt_seg6 se pueden invocar mediante bpf_test_run() sin ingresar primero input_action_end_bpf(). Martin KaFai Lau dijo que la autoprueba para BPF_PROG_TYPE_LWT_SEG6LOCAL probablemente no funcion\u00f3 ya que se introdujo en el commit 04d4b274e2a (\"ipv6: sr: Agregar acci\u00f3n seg6local End.BPF\"). La raz\u00f3n es que la variable por CPU seg6_bpf_srh_states::srh nunca se asigna en el caso de la autoprueba, pero cada funci\u00f3n BPF lo espera. Eliminar test_run para BPF_PROG_TYPE_LWT_SEG6LOCAL."}], "lastModified": "2024-09-20T12:30:51.220", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}