NVD Vulnerability Detail

CVE-2024-47728

Summary	In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error For all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input arguments, zero the value for the case of an error as otherwise it could leak memory. For tracing, it is not needed given CAP_PERFMON can already read all kernel memory anyway hence bpf_get_func_arg() and bpf_get_func_ret() is skipped in here. Also, the MTU helpers mtu_len pointer value is being written but also read. Technically, the MEM_UNINIT should not be there in order to always force init. Removing MEM_UNINIT needs more verifier rework though: MEM_UNINIT right now implies two things actually: i) write into memory, ii) memory does not have to be initialized. If we lift MEM_UNINIT, it then becomes: i) read into memory, ii) memory must be initialized. This means that for bpf__check_mtu() we're readding the issue we're trying to fix, that is, it would then be able to write back into things like .rodata BPF maps. Follow-up work will rework the MEM_UNINIT semantics such that the intent can be better expressed. For now just clear the mtu_len on error path which can be lifted later again.
Publication Date	Oct. 21, 2024, 10:15 p.m.
Registration Date	Oct. 22, 2024, 5 a.m.
Last Update	Oct. 24, 2024, 5:36 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/8397bf78988f3ae9dbebb0200189a62a57264980	Patch
2	https://git.kernel.org/stable/c/a634fa8e480ac2423f86311a602f6295df2c8ed0	Patch
3	https://git.kernel.org/stable/c/599d15b6d03356a97bff7a76155c5604c42a2962	Patch
4	https://git.kernel.org/stable/c/594a9f5a8d2de2573a856e506f77ba7dd2cefc6a	Patch
5	https://git.kernel.org/stable/c/4b3786a6c5397dc220b1483d8e2f4867743e966f	Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-459	不完全なクリーンアップ	https://cwe.mitre.org/data/definitions/459.html

JVN Vulnerability Information

Linux の Linux Kernel における不完全なクリーンアップに関する脆弱性

Title	Linux の Linux Kernel における不完全なクリーンアップに関する脆弱性
Summary	Linux の Linux Kernel には、不完全なクリーンアップに関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 13, 2024, midnight
Registration Date	Oct. 24, 2024, 5:08 p.m.
Last Update	Oct. 24, 2024, 5:08 p.m.

Affected System

Linux

Linux Kernel 5.2 以上 6.1.113 未満

Linux Kernel 6.11 以上 6.11.2 未満

Linux Kernel 6.2 以上 6.6.54 未満

Linux Kernel 6.7 以上 6.10.13 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-47728	https://www.cve.org/CVERecord?id=CVE-2024-47728
National Vulnerability Database (NVD)
2	CVE-2024-47728	https://nvd.nist.gov/vuln/detail/CVE-2024-47728

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-459	https://cwe.mitre.org/data/definitions/459.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (4b3786a)	https://git.kernel.org/stable/c/4b3786a6c5397dc220b1483d8e2f4867743e966f
2	bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (594a9f5)	https://git.kernel.org/stable/c/594a9f5a8d2de2573a856e506f77ba7dd2cefc6a
3	bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (599d15b)	https://git.kernel.org/stable/c/599d15b6d03356a97bff7a76155c5604c42a2962
4	bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (8397bf7)	https://git.kernel.org/stable/c/8397bf78988f3ae9dbebb0200189a62a57264980
5	bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (a634fa8)	https://git.kernel.org/stable/c/a634fa8e480ac2423f86311a602f6295df2c8ed0
Linux Kernel
6	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年10月24日] 掲載	Oct. 24, 2024, 5:08 p.m.