{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-35905", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.120Z", "datePublished": "2024-05-19T08:34:58.347Z", "dateUpdated": "2024-11-05T09:24:48.663Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:24:48.663Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Protect against int overflow for stack access size\n\nThis patch re-introduces protection against the size of access to stack\nmemory being negative; the access size can appear negative as a result\nof overflowing its signed int representation. This should not actually\nhappen, as there are other protections along the way, but we should\nprotect against it anyway. One code path was missing such protections\n(fixed in the previous patch in the series), causing out-of-bounds array\naccesses in check_stack_range_initialized(). This patch causes the\nverification of a program with such a non-sensical access size to fail.\n\nThis check used to exist in a more indirect way, but was inadvertendly\nremoved in a833a17aeac7."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/bpf/verifier.c"], "versions": [{"version": "afea95d319cc", "lessThan": "9970e059af47", "status": "affected", "versionType": "git"}, {"version": "02962684258e", "lessThan": "37dc1718dc0c", "status": "affected", "versionType": "git"}, {"version": "b1d4d54d32ce", "lessThan": "98cdac206b11", "status": "affected", "versionType": "git"}, {"version": "08b91babccbb", "lessThan": "3f0784b2f1eb", "status": "affected", "versionType": "git"}, {"version": "a833a17aeac7", "lessThan": "203a68151e8e", "status": "affected", "versionType": "git"}, {"version": "a833a17aeac7", "lessThan": "ecc6a2101840", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/bpf/verifier.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.215", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.85", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.26", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.5", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/9970e059af471478455f9534e8c3db82f8c5496d"}, {"url": "https://git.kernel.org/stable/c/37dc1718dc0c4392dbfcb9adec22a776e745dd69"}, {"url": "https://git.kernel.org/stable/c/98cdac206b112bec63852e94802791e316acc2c1"}, {"url": "https://git.kernel.org/stable/c/3f0784b2f1eb9147973d8c43ba085c5fdf44ff69"}, {"url": "https://git.kernel.org/stable/c/203a68151e8eeb331d4a64ab78303f3a15faf103"}, {"url": "https://git.kernel.org/stable/c/ecc6a2101840177e57c925c102d2d29f260d37c8"}], "title": "bpf: Protect against int overflow for stack access size", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35905", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T15:34:20.280116Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:34:52.056Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:49.025Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9970e059af471478455f9534e8c3db82f8c5496d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/37dc1718dc0c4392dbfcb9adec22a776e745dd69", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/98cdac206b112bec63852e94802791e316acc2c1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3f0784b2f1eb9147973d8c43ba085c5fdf44ff69", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/203a68151e8eeb331d4a64ab78303f3a15faf103", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ecc6a2101840177e57c925c102d2d29f260d37c8", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35905", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T15:34:20.280116Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:25.172Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "bpf: Protect against int overflow for stack access size", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "afea95d319cc", "lessThan": "9970e059af47", "versionType": "git"}, {"status": "affected", "version": "02962684258e", "lessThan": "37dc1718dc0c", "versionType": "git"}, {"status": "affected", "version": "b1d4d54d32ce", "lessThan": "98cdac206b11", "versionType": "git"}, {"status": "affected", "version": "08b91babccbb", "lessThan": "3f0784b2f1eb", "versionType": "git"}, {"status": "affected", "version": "a833a17aeac7", "lessThan": "203a68151e8e", "versionType": "git"}, {"status": "affected", "version": "a833a17aeac7", "lessThan": "ecc6a2101840", "versionType": "git"}], "programFiles": ["kernel/bpf/verifier.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.8"}, {"status": "unaffected", "version": "0", "lessThan": "6.8", "versionType": "custom"}, {"status": "unaffected", "version": "5.10.215", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.154", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.85", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.26", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.5", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["kernel/bpf/verifier.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/9970e059af471478455f9534e8c3db82f8c5496d"}, {"url": "https://git.kernel.org/stable/c/37dc1718dc0c4392dbfcb9adec22a776e745dd69"}, {"url": "https://git.kernel.org/stable/c/98cdac206b112bec63852e94802791e316acc2c1"}, {"url": "https://git.kernel.org/stable/c/3f0784b2f1eb9147973d8c43ba085c5fdf44ff69"}, {"url": "https://git.kernel.org/stable/c/203a68151e8eeb331d4a64ab78303f3a15faf103"}, {"url": "https://git.kernel.org/stable/c/ecc6a2101840177e57c925c102d2d29f260d37c8"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Protect against int overflow for stack access size\n\nThis patch re-introduces protection against the size of access to stack\nmemory being negative; the access size can appear negative as a result\nof overflowing its signed int representation. This should not actually\nhappen, as there are other protections along the way, but we should\nprotect against it anyway. One code path was missing such protections\n(fixed in the previous patch in the series), causing out-of-bounds array\naccesses in check_stack_range_initialized(). This patch causes the\nverification of a program with such a non-sensical access size to fail.\n\nThis check used to exist in a more indirect way, but was inadvertendly\nremoved in a833a17aeac7."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:31:02.305Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35905", "state": "PUBLISHED", "dateUpdated": "2024-05-29T05:31:02.305Z", "dateReserved": "2024-05-17T13:50:33.120Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-19T08:34:58.347Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Protect against int overflow for stack access size\n\nThis patch re-introduces protection against the size of access to stack\nmemory being negative; the access size can appear negative as a result\nof overflowing its signed int representation. This should not actually\nhappen, as there are other protections along the way, but we should\nprotect against it anyway. One code path was missing such protections\n(fixed in the previous patch in the series), causing out-of-bounds array\naccesses in check_stack_range_initialized(). This patch causes the\nverification of a program with such a non-sensical access size to fail.\n\nThis check used to exist in a more indirect way, but was inadvertendly\nremoved in a833a17aeac7."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Protecci\u00f3n contra desbordamiento int para el tama\u00f1o de acceso a la pila. Este parche reintroduce la protecci\u00f3n contra que el tama\u00f1o de acceso a la memoria de la pila sea negativo; el tama\u00f1o de acceso puede parecer negativo como resultado de desbordar su representaci\u00f3n int firmada. En realidad, esto no deber\u00eda suceder, ya que existen otras protecciones en el camino, pero debemos protegernos contra ello de todos modos. A una ruta de c\u00f3digo le faltaban dichas protecciones (corregidas en el parche anterior de la serie), lo que provocaba accesos a matrices fuera de los l\u00edmites en check_stack_range_initialized(). Este parche hace que falle la verificaci\u00f3n de un programa con un tama\u00f1o de acceso tan absurdo. Esta verificaci\u00f3n sol\u00eda existir de una manera m\u00e1s indirecta, pero se elimin\u00f3 inadvertidamente en a833a17aeac7."}], "id": "CVE-2024-35905", "lastModified": "2024-11-05T10:16:51.483", "metrics": {}, "published": "2024-05-19T09:15:11.260", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/203a68151e8eeb331d4a64ab78303f3a15faf103"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/37dc1718dc0c4392dbfcb9adec22a776e745dd69"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3f0784b2f1eb9147973d8c43ba085c5fdf44ff69"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/98cdac206b112bec63852e94802791e316acc2c1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9970e059af471478455f9534e8c3db82f8c5496d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ecc6a2101840177e57c925c102d2d29f260d37c8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: bpf: Protect against int overflow for stack access size", "id": "2281651", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281651"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbpf: Protect against int overflow for stack access size\nThis patch re-introduces protection against the size of access to stack\nmemory being negative; the access size can appear negative as a result\nof overflowing its signed int representation. This should not actually\nhappen, as there are other protections along the way, but we should\nprotect against it anyway. One code path was missing such protections\n(fixed in the previous patch in the series), causing out-of-bounds array\naccesses in check_stack_range_initialized(). This patch causes the\nverification of a program with such a non-sensical access size to fail.\nThis check used to exist in a more indirect way, but was inadvertendly\nremoved in a833a17aeac7.", "A flaw was found in the Linux kernel. An integer overflow vulnerability exists in the access size of a stack, such that the size of the access stack can appear negative as a result of overflowing its signed int representation. This issue can result in denial of service."], "name": "CVE-2024-35905", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35905\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35905\nhttps://lore.kernel.org/linux-cve-announce/2024051954-CVE-2024-35905-d079@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 5.10.215, kernel 5.15.154, kernel 6.1.85, kernel 6.6.26, kernel 6.8.5, kernel 6.9"}