CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: fix OOB devmap writes when deleting elements

Jordy reported issue against XSKMAP which also applies to DEVMAP - the
index used for accessing map entry, due to being a signed integer,
causes the OOB writes. Fix is simple as changing the type from int to
u32, however, when compared to XSKMAP case, one more thing needs to be
addressed.

When map is released from system via dev_map_free(), we iterate through
all of the entries and an iterator variable is also an int, which
implies OOB accesses. Again, change it to be u32.

Example splat below:

[ 160.724676] BUG: unable to handle page fault for address: ffffc8fc2c001000
[ 160.731662] #PF: supervisor read access in kernel mode
[ 160.736876] #PF: error_code(0x0000) - not-present page
[ 160.742095] PGD 0 P4D 0
[ 160.744678] Oops: Oops: 0000 [#1] PREEMPT SMP
[ 160.749106] CPU: 1 UID: 0 PID: 520 Comm: kworker/u145:12 Not tainted 6.12.0-rc1+ #487
[ 160.757050] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019
[ 160.767642] Workqueue: events_unbound bpf_map_free_deferred
[ 160.773308] RIP: 0010:dev_map_free+0x77/0x170
[ 160.777735] Code: 00 e8 fd 91 ed ff e8 b8 73 ed ff 41 83 7d 18 19 74 6e 41 8b 45 24 49 8b bd f8 00 00 00 31 db 85 c0 74 48 48 63 c3 48 8d 04 c7 <48> 8b 28 48 85 ed 74 30 48 8b 7d 18 48 85 ff 74 05 e8 b3 52 fa ff
[ 160.796777] RSP: 0018:ffffc9000ee1fe38 EFLAGS: 00010202
[ 160.8020...

Classification

CVE ID: CVE-2024-56615

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.08% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/0f170e91d3063ca60baec4bd9f544faf3bfe29eb
https://git.kernel.org/stable/c/70f3de869865f9c3da0508a5ea29f6f4c1889057
https://git.kernel.org/stable/c/ad34306ac6836e5dd096b7d0ad4aa20cb7c8d9e5
https://git.kernel.org/stable/c/98c03d05936d846073df8f550e9e8bf0dde1d77f
https://git.kernel.org/stable/c/8e858930695d3ebec423e85384c95427258c294f
https://git.kernel.org/stable/c/178e31df1fb3d9e0890eb471da16709cbc82edee
https://git.kernel.org/stable/c/ab244dd7cf4c291f82faacdc50b45cc0f55b674d

Timeline

2024-12-28 00:31:39 UTC
CVE

bpf: fix OOB devmap writes when deleting elements
2025-03-06 09:45:34 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2024-56615