Out-of-bounds Read Affecting kernel-64k-debug-devel package, versions <0:5.14.0-503.19.1.el9_5


Severity

Recommended
0.0
medium
0
10

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.04% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL9-KERNEL64KDEBUGDEVEL-7934359
  • published12 Sept 2024
  • disclosed11 Sept 2024

Introduced: 11 Sep 2024

CVE-2024-45020  (opens in a new tab)
CWE-125  (opens in a new tab)

How to fix?

Upgrade RHEL:9 kernel-64k-debug-devel to version 0:5.14.0-503.19.1.el9_5 or higher.
This issue was patched in RHSA-2024:11486.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-64k-debug-devel package and not the kernel-64k-debug-devel package as distributed by RHEL. See How to fix? for RHEL:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix a kernel verifier crash in stacksafe()

Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksafe(). More specifically, it is the following code:

if (exact != NOT_EXACT &amp;&amp;
    old-&gt;stack[spi].slot_type[i % BPF_REG_SIZE] !=
    cur-&gt;stack[spi].slot_type[i % BPF_REG_SIZE])
        return false;

The 'i' iterates old->allocated_stack. If cur->allocated_stack < old->allocated_stack the out-of-bound access will happen.

To fix the issue add 'i >= cur->allocated_stack' check such that if the condition is true, stacksafe() should fail. Otherwise, cur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.

CVSS Scores

version 3.1