CVE-2024-50203

bpf, arm64: Fix address emission with tag-based KASAN enabled

Description

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix address emission with tag-based KASAN enabled When BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_image struct on the stack is passed during the size calculation pass and an address on the heap is passed during code generation. This may cause a heap buffer overflow if the heap address is tagged because emit_a64_mov_i64() will emit longer code than it did during the size calculation pass. The same problem could occur without tag-based KASAN if one of the 16-bit words of the stack address happened to be all-ones during the size calculation pass. Fix the problem by assuming the worst case (4 instructions) when calculating the size of the bpf_tramp_image address emission.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/9e80f366ebfdfafc685fe83a84c34f7ef01cbe88
https://git.kernel.org/stable/c/f521c2a0c0c4585f36d912bf62c852b88682c4f2
https://git.kernel.org/stable/c/7db1a2121f3c7903b8e397392beec563c3d00950 patch
https://git.kernel.org/stable/c/a552e2ef5fd1a6c78267cd4ec5a9b49aa11bbb1c patch

Frequently Asked Questions

What is the severity of CVE-2024-50203?
CVE-2024-50203 has been scored as a high severity vulnerability.
How to fix CVE-2024-50203?
To fix CVE-2024-50203, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50203 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-50203 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50203?
CVE-2024-50203 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.