Vulnerability Details: CVE-2024-35905

Vulnerability Title
bpf: Protect against int overflow for stack access size
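Source: NVD
Linux kernel security vulnerability
Source: CNNVD
BPF: Protect against integer overflow to protect stack access size
Source: 神龙机器人
Vulnerability Description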
In the Linux kernel, the following vulnerability has been resolved:

bpf: Protect against int overflow for stack access size

This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int representation. This should not actually happen, as there are other protections along the way, but we should protect against it anyway. One code path was missing such protections (fixed in the previous patch in the series), causing out-of-bounds array accesses in check_stack_range_initialized(). This patch causes the verification of a program with such a non-sensical access size to fail.

This check used to exist in a more indirect way, but was inadvertently removed in a833a17aeac7.
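Source: NVD
The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). The Linux kernel has a security vulnerability that stems from an out-of-bounds array access in the check_stack_range_initialized function.
Source: CNNVD
In the Linux kernel, the following vulnerability has been resolved:

bpf: Protect against integer overflow of heap access size

This patch re-introduces protection against the size of access to heap memory being negative; the access size can become negative as a result of overflowing its signed integer representation. This should not actually happen, as there are protections elsewhere, but we should still protect against it. The previous patch in the series was missing protection against this case (fixed), causing out-of-bounds array accesses in check_stack_range_initialized(). This patch causes the verification of a program that accesses such an unreasonable size to fail.

This check used to exist in a more indirect way, but was inadvertently removed in a833a17aeac7.
Source: 神龙机器人
Vulnerability Score (CVSS)
NVD has no score yet
Source: NVD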
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Source: 神龙机器人, Accuracy: N/A
Vulnerability Category
NVD has no vulnerability category information yet
Source: NVD
Other
Source: CNNVD
Related Links