CVE-2024-26884

CVSS v3.1 7.8 (High)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 35

NVD Status Modified

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix hashtab overflow check on 32-bit arches

The hashtab code relies on roundup_pow_of_two() to compute the number of
hash buckets, and contains an overflow check by checking if the
resulting value is 0. However, on 32-bit arches, the roundup code itself
can overflow by doing a 32-bit left-shift of an unsigned long value,
which is undefined behaviour, so it is not guaranteed to truncate
neatly. This was triggered by syzbot on the DEVMAP_HASH type, which
contains the same check, copied from the hashtab code. So apply the same
fix to hashtab, by moving the overflow check to before the roundup.

Weaknesses

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE Status: PUBLISHED
NVD Status: Modified
CNA: kernel.org
Published Date: 2024-04-17 11:15:10
(5 months ago)
Updated Date: 2024-06-27 12:15:22
(2 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 3.19 version and prior 4.19.311 version	cpe:2.3:o:linux:linux_kernel	>= 3.19	< 4.19.311
Linux Kernel from 4.20 version and prior 5.4.273 version	cpe:2.3:o:linux:linux_kernel	>= 4.20	< 5.4.273
Linux Kernel from 5.5 version and prior 5.10.214 version	cpe:2.3:o:linux:linux_kernel	>= 5.5	< 5.10.214
Linux Kernel from 5.11 version and prior 5.15.153 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.15.153
Linux Kernel from 5.16 version and prior 6.1.83 version	cpe:2.3:o:linux:linux_kernel	>= 5.16	< 6.1.83
Linux Kernel from 6.2 version and prior 6.6.23 version	cpe:2.3:o:linux:linux_kernel	>= 6.2	< 6.6.23
Linux Kernel from 6.7 version and prior 6.7.11 version	cpe:2.3:o:linux:linux_kernel	>= 6.7	< 6.7.11
Linux Kernel from 6.8 version and prior 6.8.2 version	cpe:2.3:o:linux:linux_kernel	>= 6.8	< 6.8.2