PT-2024-33701 · Linux+6 · Linux Kernel+6
Liu Ruitong · Published 2024-08-22 · Updated 2025-09-29
CVE-2024-49850
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A null pointer dereference issue has been identified in the Linux kernel, specifically in the handling of malformed BPF_CORE_TYPE_ID_LOCAL relocation records. This occurs when a relocation record references a non-existing BTF type, causing the bpf_core_calc_relo_insn function to dereference a null pointer. The issue can be triggered by passing malformed relocation records from user space. A simple reproducer program has been created to demonstrate this issue, which includes a single relocation record with a non-existent type id.
Recommendations:
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting the use of the bpf_core_calc_relo_insn function until a patch is available. Additionally, avoid passing malformed relocation records from user space to minimize the risk of exploitation.
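The failure mode in the description, shown as an added example that is not kernel code and not part of the original advisory: a simplified user-space model in which a by-id type lookup returns NULL for a non-existent type id, and the relocation step rejects the record before using the result. All struct, function and constant names are hypothetical, and the sample records are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified user-space model; every name here is hypothetical, not kernel code. */
struct model_type { const char *name; };
struct model_btf  { const struct model_type *types; uint32_t nr_types; };
struct model_relo { uint32_t insn_off; uint32_t type_id; uint32_t kind; };

#define MODEL_KIND_TYPE_ID_LOCAL 6u /* stands in for BPF_CORE_TYPE_ID_LOCAL */

/* By-id lookup: an id outside the table yields NULL rather than a type. */
static const struct model_type *type_by_id(const struct model_btf *btf, uint32_t id)
{
    return id < btf->nr_types ? &btf->types[id] : NULL;
}

/* Hardened relocation step: validate the lookup result before using it. */
static int calc_relo(const struct model_btf *btf, const struct model_relo *relo,
                     const char **name_out)
{
    const struct model_type *local_type = type_by_id(btf, relo->type_id);

    if (!local_type)               /* without this check the next line faults */
        return -EINVAL;
    *name_out = local_type->name;  /* dereference of the looked-up type */
    return 0;
}

/* Screen a batch of records; returns the index of the first bad one, or -1. */
static int first_bad_relo(const struct model_btf *btf,
                          const struct model_relo *relos, size_t n)
{
    const char *name;
    for (size_t i = 0; i < n; i++)
        if (calc_relo(btf, &relos[i], &name) != 0)
            return (int)i;
    return -1;
}

/* Constructed sample data: three types, second record names a missing id. */
static const struct model_type sample_types[] = { {"void"}, {"int"}, {"struct foo"} };
static const struct model_btf sample_btf = { sample_types, 3 };
static const struct model_relo sample_relos[] = {
    { 0, 1,  MODEL_KIND_TYPE_ID_LOCAL },
    { 8, 42, MODEL_KIND_TYPE_ID_LOCAL },  /* type id 42 does not exist */
};
```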
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu