Remove tst_run from lwt_seg6local_prog_ops
CVE-2024-46754

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 September 2024

What is CVE-2024-46754?

In the Linux kernel, the following vulnerability has been resolved:

bpf: Remove tst_run from lwt_seg6local_prog_ops.

The syzbot reported that the lwt_seg6 related BPF ops can be invoked via bpf_test_run() without without entering input_action_end_bpf() first.

Martin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL probably didn't work since it was introduced in commit 04d4b274e2a ("ipv6: sr: Add seg6local action End.BPF"). The reason is that the per-CPU variable seg6_bpf_srh_states::srh is never assigned in the self test case but each BPF function expects it.

Remove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 004d4b274e2a1a895a0e5dc66158b90a7d463d44 < 9cd15511de7c619bbd0f54bb3f28e6e720ded5d6

Linux 004d4b274e2a1a895a0e5dc66158b90a7d463d44

Linux 4.18

References

https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3...
https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e3...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.