Muhammad Ramdhan

Researcher from Starlabs
#46325 of 53,624
5.5 Total CVSS
Vulnerabilities · 1
PT-2024-9913
5.5
2024-06-21
Linux · Linux Kernel · CVE-2024-41009
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is in the BPF ring buffer in the Linux kernel, which is implemented as a power-of-2 sized circular buffer with two logical, ever-increasing counters: `consumer_pos` and `producer_pos`. The vulnerability allows an attacker to make a second allocated memory chunk overlap the first chunk, so the BPF program can edit the first chunk's header. This can cause `bpf_ringbuf_commit()` to refer to the wrong page and potentially lead to a crash. The fix calculates the oldest pending position and checks whether the range from the oldest outstanding record to the newest would span beyond the ring buffer size, rejecting the request if it would.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.