CVE-2024-40908

bpf: Set run context for rawtp test_run callback

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Set run context for rawtp test_run callback syzbot reported crash when rawtp program executed through the test_run interface calls bpf_get_attach_cookie helper or any other helper that touches task->bpf_ctx pointer. Setting the run context (task->bpf_ctx pointer) for test_run callback.

N/A

CVSS

Severity:

EPSS 0.14%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/789bd77c9342aa6125003871ae5c6034d0f6f9d2
https://git.kernel.org/stable/c/3708b6c2546c9eb34aead8a34a17e8ae69004e4d
https://git.kernel.org/stable/c/d387805d4b4a46ee01e3dae133c81b6d80195e5b
https://git.kernel.org/stable/c/ae0ba0ab7475a129ef7d449966edf677367efeb4
https://git.kernel.org/stable/c/d0d1df8ba18abc57f28fb3bc053b2bf319367f2c

Frequently Asked Questions

What is the severity of CVE-2024-40908?: CVE-2024-40908 has not yet been assigned a CVSS score.
How to fix CVE-2024-40908?: To fix CVE-2024-40908, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-40908 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-40908 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-40908?: CVE-2024-40908 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.