CVE-2024-49850

bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos In case of malformed relocation record of kind BPF_CORE_TYPE_ID_LOCAL referencing a non-existing BTF type, function bpf_core_calc_relo_insn would cause a null pointer deference. Fix this by adding a proper check upper in call stack, as malformed relocation records could be passed from user space. Simplest reproducer is a program: r0 = 0 exit With a single relocation record: .insn_off = 0, /* patch first instruction */ .type_id = 100500, /* this type id does not exist */ .access_str_off = 6, /* offset of string "0" */ .kind = BPF_CORE_TYPE_ID_LOCAL, See the link for original reproducer or next commit for a test case.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/dc7ce14f00bcd50641f2110b7a32aa6552e0780f patch
https://git.kernel.org/stable/c/2288b54b96dcb55bedebcef3572bb8821fc5e708 patch
https://git.kernel.org/stable/c/584cd3ff792e1edbea20b2a7df55897159b0be3e patch
https://git.kernel.org/stable/c/e7e9c5b2dda29067332df2a85b0141a92b41f218 patch
https://git.kernel.org/stable/c/3d2786d65aaa954ebd3fcc033ada433e10da21c4 patch

Frequently Asked Questions

What is the severity of CVE-2024-49850?
CVE-2024-49850 has been scored as a medium severity vulnerability.
How to fix CVE-2024-49850?
To fix CVE-2024-49850, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-49850 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-49850 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-49850?
CVE-2024-49850 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.