CVE-2024-43837

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50

Description A null pointer dereference vulnerability was found in the Linux kernel's BPF (Berkeley Packet Filter) subsystem. This issue occurs when loading an EXT program without specifying the attr->attach prog fd attribute, causing the prog->aux->dst prog pointer to be null. As a result, calling resolve prog type() anywhere will lead to a null pointer dereference. The vulnerability was introduced by a commit that aimed to correct type resolution for BPF PROG TYPE TRACING programs. To fix this issue, one can either force attach prog fd to be non-empty when loading a BPF program or add a null check in the resolve prog type() function.

Recommendations For Linux kernel versions prior to 6.6.50, update to version 6.6.50 or later to fix the vulnerability. Alternatively, consider applying the patch that adds a null check in the resolve prog type() function to prevent the null pointer dereference. As a temporary workaround, consider disabling the loading of EXT programs without specifying the attr->attach prog fd attribute until a patch is available.