GHSA-m9gh-794q-vjjj

Опубликовано: 05 нояб. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 7.1

Описание

In the Linux kernel, the following vulnerability has been resolved:

bpf: Add the missing BPF_LINK_TYPE invocation for sockmap

There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmap link fd. Fix it by adding the missing BPF_LINK_TYPE invocation for sockmap link

Also add comments for bpf_link_type to prevent missing updates in the future.

In the Linux kernel, the following vulnerability has been resolved:

bpf: Add the missing BPF_LINK_TYPE invocation for sockmap

There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmap link fd. Fix it by adding the missing BPF_LINK_TYPE invocation for sockmap link

Also add comments for bpf_link_type to prevent missing updates in the future.

Ссылки

EPSS

Процентиль: 22%

0.00071

Низкий

7.1 High

CVSS3

CVE ID

CVE-2024-50123

Дефекты

CWE-125

Связанные уязвимости

CVE-2024-50123

CVSS3: 7.1

ubuntu

около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: bpf: Add the missing BPF_LINK_TYPE invocation for sockmap There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmap link fd. Fix it by adding the missing BPF_LINK_TYPE invocation for sockmap link Also add comments for bpf_link_type to prevent missing updates in the future.

CVE-2024-50123

CVSS3: 7.1

redhat

около 1 года назад

CVE-2024-50123

CVSS3: 7.1

nvd

около 1 года назад

CVE-2024-50123

CVSS3: 7.1

debian

около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: b ...

BDU:2025-07309

CVSS3: 7.1

fstec

около 1 года назад

Уязвимость функции bpf_link_show_fdinfo() в модуле kernel/bpf/syscall.c компонента bpf ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации

EPSS

Процентиль: 22%

0.00071

Низкий

7.1 High

CVSS3

CVE ID

CVE-2024-50123

Дефекты

CWE-125