PT-2024-2046 · Linux+5 · Linux Kernel+5
Published
2024-01-17
·
Updated
2025-09-29
·
CVE-2024-26588
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.7.0-rc4-loong-devel-gb62ab1a397cf
Description
The vulnerability is related to out-of-bounds memory access in the LoongArch BPF (Berkeley Packet Filter) component of the Linux kernel. The test tag test triggers an unhandled page fault, indicating a memory access issue. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Technical details about exploitation include:
- The
build bodyfunction is vulnerable to out-of-bounds memory access. - The
bpf int jit compilefunction is involved in the exploitation process. - The
bpf prog select runtimefunction is also involved. - The
bpf prog loadfunction is used to load a BPF program with 2039 instructions, which triggers the vulnerability. - The
sys bpfandsys bpffunctions are part of the system call chain that leads to the vulnerability.
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the LoongArch BPF out-of-bounds memory access vulnerability. Specifically, for Linux kernel version 6.7.0-rc4-loong-devel-gb62ab1a397cf, update to a newer version that includes the necessary patches. As a temporary workaround, consider disabling the BPF component or restricting its use to minimize the risk of exploitation.
Exploit
Fix
Out of bounds Read
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu