PT-2024-30770 · Linux+3 · Linux Kernel+3

Kumar Kartikeya Dwivedi · Published 2024-06-25 · Updated 2025-09-29 · CVE-2024-43910

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.10.0-rc3-00131-g66b586715063 #533

Description

The issue is a missing check in the BPF verifier that can lead to out-of-bounds memory accesses. It occurs when a modified CONST_PTR_TO_DYNPTR is passed to a global function as an argument: BPF helpers continue to use the modified pointer, potentially compromising system stability.

Technical details about exploitation include:
  • Vulnerable function: bpf_dynptr_data
  • Vulnerable parameters or variables: CONST_PTR_TO_DYNPTR
  • Function names: check_func_arg_reg_off(), process_dynptr_func()
  • API Endpoints: None explicitly mentioned

Recommendations

To resolve the issue, update the Linux kernel to a version that includes the fix for the missing check_func_arg_reg_off() check in the BPF verifier. Specifically, versions after 6.10.0-rc3-00131-g66b586715063 #533 should include this fix.

As a temporary workaround, consider disabling the use of CONST_PTR_TO_DYNPTR in global function arguments until a patch is available. However, this might not be feasible or could have significant performance implications, so updating to a fixed kernel version is the recommended solution.

At the moment, there is no information about other mitigation measures or workarounds that do not involve updating the kernel.

Exploit

Fix

Memory Corruption


Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2025-03096
CVE-2024-43910
INFSA-2025_6966
RHSA-2025:6966
RHSA-2025_6966
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7196-1

Affected Products

Linuxmint
Linux Kernel
Red Hat
Ubuntu