CVE-2024-50162
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-50162
CVE Details
| Release Date: | 2024-11-07 |
Description
In the Linux kernel, the following vulnerability has been resolved:\nbpf: devmap: provide rxq after redirect\nrxq contains a pointer to the device from where\nthe redirect happened. Currently, the BPF program\nthat was executed after a redirect via BPF_MAP_TYPE_DEVMAP*\ndoes not have it set.\nThis is particularly bad since accessing ingress_ifindex, e.g.\nSEC('xdp')\nint prog(struct xdp_md *pkt)\n{\nreturn bpf_redirect_map(&dev_redirect_map, 0, 0);\n}\nSEC('xdp/devmap')\nint prog_after_redirect(struct xdp_md *pkt)\n{\nbpf_printk('ifindex %i', pkt->ingress_ifindex);\nreturn XDP_PASS;\n}\ndepends on access to rxq, so a NULL pointer gets dereferenced:\n<1>[ 574.475170] BUG: kernel NULL pointer dereference, address: 0000000000000000\n<1>[ 574.475188] #PF: supervisor read access in kernel mode\n<1>[ 574.475194] #PF: error_code(0x0000) - not-present page\n<6>[ 574.475199] PGD 0 P4D 0\n<4>[ 574.475207] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n<4>[ 574.475217] CPU: 4 UID: 0 PID: 217 Comm: kworker/4:1 Not tainted 6.11.0-rc5-reduced-00859-g780801200300 #23\n<4>[ 574.475226] Hardware name: Intel(R) Client Systems NUC13ANHi7/NUC13ANBi7, BIOS ANRPL357.0026.2023.0314.1458 03/14/2023\n<4>[ 574.475231] Workqueue: mld mld_ifc_work\n<4>[ 574.475247] RIP: 0010:bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c\n<4>[ 574.475257] Code: cc cc cc cc cc cc cc 80 00 00 00 cc cc cc cc cc cc cc cc f3 0f 1e fa 0f 1f 44 00 00 66 90 55 48 89 e5 f3 0f 1e fa 48 8b 57 20 <48> 8b 52 00 8b 92 e0 00 00 00 48 bf f8 a6 d5 c4 5d a0 ff ff be 0b\n<4>[ 574.475263] RSP: 0018:ffffa62440280c98 EFLAGS: 00010206\n<4>[ 574.475269] RAX: ffffa62440280cd8 RBX: 0000000000000001 RCX: 0000000000000000\n<4>[ 574.475274] RDX: 0000000000000000 RSI: ffffa62440549048 RDI: ffffa62440280ce0\n<4>[ 574.475278] RBP: ffffa62440280c98 R08: 0000000000000002 R09: 0000000000000001\n<4>[ 574.475281] R10: ffffa05dc8b98000 R11: ffffa05f577fca40 R12: ffffa05dcab24000\n<4>[ 574.475285] R13: ffffa62440280ce0 R14: ffffa62440549048 R15: ffffa62440549000\n<4>[ 574.475289] FS: 0000000000000000(0000) GS:ffffa05f4f700000(0000) knlGS:0000000000000000\n<4>[ 574.475294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n<4>[ 574.475298] CR2: 0000000000000000 CR3: 000000025522e000 CR4: 0000000000f50ef0\n<4>[ 574.475303] PKRU: 55555554\n<4>[ 574.475306] Call Trace:\n<4>[ 574.475313]
See more information about CVE-2024-50162 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
CVSS v3 metrics
| Base Score: | 5.5 |
| Vector String: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Version: | 3.1 |
| Attack Vector: | Local |
| Attack Complexity: | Low |
| Privileges Required: | Low |
| User Interaction: | None |
| Scope: | Unchanged |
| Confidentiality: | None |
| Integrity: | None |
| Availability: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12887 | 2024-12-18 |
| Oracle Linux version 9 (kernel-uek) | ELSA-2024-12887 | 2024-12-18 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
