{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36918", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-30T15:25:07.068Z", "datePublished": "2024-05-30T15:29:13.904Z", "dateUpdated": "2025-05-04T09:12:03.871Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:12:03.871Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check bloom filter map value size\n\nThis patch adds a missing check to bloom filter creating, rejecting\nvalues above KMALLOC_MAX_SIZE. This brings the bloom map in line with\nmany other map types.\n\nThe lack of this protection can cause kernel crashes for value sizes\nthat overflow int's. Such a crash was caught by syzkaller. The next\npatch adds more guard-rails at a lower level."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/bpf/bloom_filter.c", "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c"], "versions": [{"version": "9330986c03006ab1d33d243b7cfe598a7a3c1baa", "lessThan": "fa6995eeb62e74b5a1480c73fb7b420c270784d3", "status": "affected", "versionType": "git"}, {"version": "9330986c03006ab1d33d243b7cfe598a7a3c1baa", "lessThan": "608e13706c8b6c658a0646f09ebced74ec367f7c", "status": "affected", "versionType": "git"}, {"version": "9330986c03006ab1d33d243b7cfe598a7a3c1baa", "lessThan": "c418afb9bf23e2f2b76cb819601e4a5d9dbab42d", "status": "affected", "versionType": "git"}, {"version": "9330986c03006ab1d33d243b7cfe598a7a3c1baa", "lessThan": "a8d89feba7e54e691ca7c4efc2a6264fa83f3687", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/bpf/bloom_filter.c", "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.91", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.31", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.10", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.91"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.6.31"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.8.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3"}, {"url": "https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c"}, {"url": "https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d"}, {"url": "https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687"}], "title": "bpf: Check bloom filter map value size", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.111Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36918", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:16:07.190878Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:35:00.289Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.111Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36918", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:16:07.190878Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:27.421Z"}}], "cna": {"title": "bpf: Check bloom filter map value size", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "9330986c0300", "lessThan": "fa6995eeb62e", "versionType": "git"}, {"status": "affected", "version": "9330986c0300", "lessThan": "608e13706c8b", "versionType": "git"}, {"status": "affected", "version": "9330986c0300", "lessThan": "c418afb9bf23", "versionType": "git"}, {"status": "affected", "version": "9330986c0300", "lessThan": "a8d89feba7e5", "versionType": "git"}], "programFiles": ["kernel/bpf/bloom_filter.c", "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.16"}, {"status": "unaffected", "version": "0", "lessThan": "5.16", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.91", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.31", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.10", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["kernel/bpf/bloom_filter.c", "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3"}, {"url": "https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c"}, {"url": "https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d"}, {"url": "https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687"}], "x_generator": {"engine": "bippy-8e903de6a542"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check bloom filter map value size\n\nThis patch adds a missing check to bloom filter creating, rejecting\nvalues above KMALLOC_MAX_SIZE. This brings the bloom map in line with\nmany other map types.\n\nThe lack of this protection can cause kernel crashes for value sizes\nthat overflow int's. Such a crash was caught by syzkaller. The next\npatch adds more guard-rails at a lower level."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-13T15:30:43.193Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36918", "state": "PUBLISHED", "dateUpdated": "2024-12-13T15:30:43.193Z", "dateReserved": "2024-05-30T15:25:07.068Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-30T15:29:13.904Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F8C886C-75AA-469B-A6A9-12BF1A29C0D5", "versionEndExcluding": "6.1.91", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDDB1F69-36AC-41C1-9192-E7CCEF5FFC00", "versionEndExcluding": "6.6.31", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A6B920C-8D8F-4130-86B4-AD334F4CF2E3", "versionEndExcluding": "6.8.10", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check bloom filter map value size\n\nThis patch adds a missing check to bloom filter creating, rejecting\nvalues above KMALLOC_MAX_SIZE. This brings the bloom map in line with\nmany other map types.\n\nThe lack of this protection can cause kernel crashes for value sizes\nthat overflow int's. Such a crash was caught by syzkaller. The next\npatch adds more guard-rails at a lower level."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bpf: Verificar el tama\u00f1o del valor del mapa del filtro de floraci\u00f3n. Este parche agrega una verificaci\u00f3n faltante para la creaci\u00f3n del filtro de floraci\u00f3n, rechazando valores superiores a KMALLOC_MAX_SIZE. Esto alinea el mapa de floraci\u00f3n con muchos otros tipos de mapas. La falta de esta protecci\u00f3n puede provocar fallas del kernel para tama\u00f1os de valores que desbordan los de int. Syzkaller capt\u00f3 tal accidente. El siguiente parche agrega m\u00e1s barandillas en un nivel inferior."}], "id": "CVE-2024-36918", "lastModified": "2025-09-17T22:18:22.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-30T16:15:15.130", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: bpf: Check bloom filter map value size", "id": "2284517", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284517"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbpf: Check bloom filter map value size\nThis patch adds a missing check to bloom filter creating, rejecting\nvalues above KMALLOC_MAX_SIZE. This brings the bloom map in line with\nmany other map types.\nThe lack of this protection can cause kernel crashes for value sizes\nthat overflow int's. Such a crash was caught by syzkaller. The next\npatch adds more guard-rails at a lower level."], "name": "CVE-2024-36918", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-36918\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36918\nhttps://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36918-f8bc@gregkh/T"], "threat_severity": "Low"}

{"created": "2025-07-12T22:09:48.067992+00:00", "updated": "2025-07-12T22:09:48.068049+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}