{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47703", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-30T16:00:12.945Z", "datePublished": "2024-10-21T11:53:38.714Z", "dateUpdated": "2024-11-05T09:49:06.272Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:49:06.272Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, lsm: Add check for BPF LSM return value\n\nA bpf prog returning a positive number attached to file_alloc_security\nhook makes kernel panic.\n\nThis happens because file system can not filter out the positive number\nreturned by the LSM prog using IS_ERR, and misinterprets this positive\nnumber as a file pointer.\n\nGiven that hook file_alloc_security never returned positive number\nbefore the introduction of BPF LSM, and other BPF LSM hooks may\nencounter similar issues, this patch adds LSM return value check\nin verifier, to ensure no unexpected value is returned."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/bpf.h", "include/linux/bpf_lsm.h", "kernel/bpf/bpf_lsm.c", "kernel/bpf/btf.c", "kernel/bpf/verifier.c"], "versions": [{"version": "520b7aa00d8c", "lessThan": "1050727d83e7", "status": "affected", "versionType": "git"}, {"version": "520b7aa00d8c", "lessThan": "27ca3e20fe80", "status": "affected", "versionType": "git"}, {"version": "520b7aa00d8c", "lessThan": "5d99e198be27", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/bpf.h", "include/linux/bpf_lsm.h", "kernel/bpf/bpf_lsm.c", "kernel/bpf/btf.c", "kernel/bpf/verifier.c"], "versions": [{"version": "5.7", "status": "affected"}, {"version": "0", "lessThan": "5.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.13", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.2", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/1050727d83e70449991c29dd1cf29fe936a63da3"}, {"url": "https://git.kernel.org/stable/c/27ca3e20fe80be85a92b10064dfeb56cb2564b1c"}, {"url": "https://git.kernel.org/stable/c/5d99e198be279045e6ecefe220f5c52f8ce9bfd5"}], "title": "bpf, lsm: Add check for BPF LSM return value", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47703", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-21T13:04:16.628163Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T13:14:13.303Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47703", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-21T13:04:16.628163Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T13:04:19.828Z"}}], "cna": {"title": "bpf, lsm: Add check for BPF LSM return value", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "520b7aa00d8c", "lessThan": "1050727d83e7", "versionType": "git"}, {"status": "affected", "version": "520b7aa00d8c", "lessThan": "27ca3e20fe80", "versionType": "git"}, {"status": "affected", "version": "520b7aa00d8c", "lessThan": "5d99e198be27", "versionType": "git"}], "programFiles": ["include/linux/bpf.h", "include/linux/bpf_lsm.h", "kernel/bpf/bpf_lsm.c", "kernel/bpf/btf.c", "kernel/bpf/verifier.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.7"}, {"status": "unaffected", "version": "0", "lessThan": "5.7", "versionType": "semver"}, {"status": "unaffected", "version": "6.10.13", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11.2", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12-rc1", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["include/linux/bpf.h", "include/linux/bpf_lsm.h", "kernel/bpf/bpf_lsm.c", "kernel/bpf/btf.c", "kernel/bpf/verifier.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/1050727d83e70449991c29dd1cf29fe936a63da3"}, {"url": "https://git.kernel.org/stable/c/27ca3e20fe80be85a92b10064dfeb56cb2564b1c"}, {"url": "https://git.kernel.org/stable/c/5d99e198be279045e6ecefe220f5c52f8ce9bfd5"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, lsm: Add check for BPF LSM return value\n\nA bpf prog returning a positive number attached to file_alloc_security\nhook makes kernel panic.\n\nThis happens because file system can not filter out the positive number\nreturned by the LSM prog using IS_ERR, and misinterprets this positive\nnumber as a file pointer.\n\nGiven that hook file_alloc_security never returned positive number\nbefore the introduction of BPF LSM, and other BPF LSM hooks may\nencounter similar issues, this patch adds LSM return value check\nin verifier, to ensure no unexpected value is returned."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:49:06.272Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47703", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:49:06.272Z", "dateReserved": "2024-09-30T16:00:12.945Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T11:53:38.714Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1F96D11-7ACD-40CC-B672-1636AFCE5B49", "versionEndExcluding": "6.10.13", "versionStartIncluding": "5.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181", "versionEndExcluding": "6.11.2", "versionStartIncluding": "6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, lsm: Add check for BPF LSM return value\n\nA bpf prog returning a positive number attached to file_alloc_security\nhook makes kernel panic.\n\nThis happens because file system can not filter out the positive number\nreturned by the LSM prog using IS_ERR, and misinterprets this positive\nnumber as a file pointer.\n\nGiven that hook file_alloc_security never returned positive number\nbefore the introduction of BPF LSM, and other BPF LSM hooks may\nencounter similar issues, this patch adds LSM return value check\nin verifier, to ensure no unexpected value is returned."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, lsm: Agregar comprobaci\u00f3n para el valor de retorno de BPF LSM Un programa bpf que devuelve un n\u00famero positivo adjunto al gancho file_alloc_security hace que el kernel entre en p\u00e1nico. Esto sucede porque el sistema de archivos no puede filtrar el n\u00famero positivo devuelto por el programa LSM usando IS_ERR y malinterpreta este n\u00famero positivo como un puntero de archivo. Dado que el gancho file_alloc_security nunca devolvi\u00f3 un n\u00famero positivo antes de la introducci\u00f3n de BPF LSM, y otros ganchos BPF LSM pueden encontrar problemas similares, este parche agrega la comprobaci\u00f3n del valor de retorno de LSM en el verificador, para garantizar que no se devuelva ning\u00fan valor inesperado."}], "id": "CVE-2024-47703", "lastModified": "2024-10-24T13:33:36.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T12:15:06.823", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1050727d83e70449991c29dd1cf29fe936a63da3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/27ca3e20fe80be85a92b10064dfeb56cb2564b1c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5d99e198be279045e6ecefe220f5c52f8ce9bfd5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: bpf, lsm: Add check for BPF LSM return value", "id": "2320249", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320249"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbpf, lsm: Add check for BPF LSM return value\nA bpf prog returning a positive number attached to file_alloc_security\nhook makes kernel panic.\nThis happens because file system can not filter out the positive number\nreturned by the LSM prog using IS_ERR, and misinterprets this positive\nnumber as a file pointer.\nGiven that hook file_alloc_security never returned positive number\nbefore the introduction of BPF LSM, and other BPF LSM hooks may\nencounter similar issues, this patch adds LSM return value check\nin verifier, to ensure no unexpected value is returned."], "name": "CVE-2024-47703", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47703\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47703\nhttps://lore.kernel.org/linux-cve-announce/2024102115-CVE-2024-47703-36ea@gregkh/T"], "threat_severity": "Moderate"}