CVE-2024-50262

Updated: 2024-12-19 11:38:55.984525

Description:

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths from the root to leaves. For example, consider a trie with max_prefixlen is 8, and the nodes with key 0x00/0, 0x00/1, 0x00/2, ... 0x00/8 inserted. Subsequent calls to trie_get_next_key with _key with .prefixlen = 8 make 9 nodes be written on the node stack with size 8.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Released CLSA-2025:1738671431 2025-02-05 02:21:12
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH Released CLSA-2025:1738670922 2025-02-05 02:21:08
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH In Testing CLSA-2025:1736778412 2025-02-01 23:54:45
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH In Testing CLSA-2025:1736778632 2025-02-11 00:36:40
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH In Testing CLSA-2025:1736783731 2025-02-01 23:54:44