In the Linux kernel, the following vulnerability has been resolved:
bpf: add check for invalid name in btf_name_valid_section()
If the length of the name string is 1 and the value of name[0] is NULL
byte, an OOB vulnerability occurs in btf_name_valid_section() and the
return value is true, so the invalid name passes the check.
To solve this, you need to check if the first position is NULL byte and
if the first character is printable.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Sep 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Wed, 18 Sep 2024 07:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Linux kernel, the following vulnerability has been resolved: bpf: add check for invalid name in btf_name_valid_section() If the length of the name string is 1 and the value of name[0] is NULL byte, an OOB vulnerability occurs in btf_name_valid_section() and the return value is true, so the invalid name passes the check. To solve this, you need to check if the first position is NULL byte and if the first character is printable. | |
Title | bpf: add check for invalid name in btf_name_valid_section() | |
References |
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-09-18T07:12:23.591Z
Updated: 2024-09-18T07:12:23.591Z
Reserved: 2024-09-11T15:12:18.272Z
Link: CVE-2024-46764
Vulnrichment
No data.
NVD
Status : Awaiting Analysis
Published: 2024-09-18T08:15:04.670
Modified: 2024-09-20T12:30:51.220
Link: CVE-2024-46764
Redhat