CVE - CVE-2024-47728

CVE-ID
CVE-2024-47728	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error For all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input arguments, zero the value for the case of an error as otherwise it could leak memory. For tracing, it is not needed given CAP_PERFMON can already read all kernel memory anyway hence bpf_get_func_arg() and bpf_get_func_ret() is skipped in here. Also, the MTU helpers mtu_len pointer value is being written but also read. Technically, the MEM_UNINIT should not be there in order to always force init. Removing MEM_UNINIT needs more verifier rework though: MEM_UNINIT right now implies two things actually: i) write into memory, ii) memory does not have to be initialized. If we lift MEM_UNINIT, it then becomes: i) read into memory, ii) memory must be initialized. This means that for bpf__check_mtu() we're readding the issue we're trying to fix, that is, it would then be able to write back into things like .rodata BPF maps. Follow-up work will rework the MEM_UNINIT semantics such that the intent can be better expressed. For now just clear the mtu_len on error path which can be lifted later again.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/4b3786a6c5397dc220b1483d8e2f4867743e966f URL:https://git.kernel.org/stable/c/4b3786a6c5397dc220b1483d8e2f4867743e966f MISC:https://git.kernel.org/stable/c/594a9f5a8d2de2573a856e506f77ba7dd2cefc6a URL:https://git.kernel.org/stable/c/594a9f5a8d2de2573a856e506f77ba7dd2cefc6a MISC:https://git.kernel.org/stable/c/599d15b6d03356a97bff7a76155c5604c42a2962 URL:https://git.kernel.org/stable/c/599d15b6d03356a97bff7a76155c5604c42a2962 MISC:https://git.kernel.org/stable/c/8397bf78988f3ae9dbebb0200189a62a57264980 URL:https://git.kernel.org/stable/c/8397bf78988f3ae9dbebb0200189a62a57264980 MISC:https://git.kernel.org/stable/c/a634fa8e480ac2423f86311a602f6295df2c8ed0 URL:https://git.kernel.org/stable/c/a634fa8e480ac2423f86311a602f6295df2c8ed0
Assigning CNA
kernel.org
Date Record Created
20240930	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240930)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)