PT-2024-3393 · Linux+5 · Linux Kernel+5

Syzbot

·

Published

2024-03-07

·

Updated

2025-09-29

·

CVE-2024-26885

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to an integer overflow in the devmap code of the Linux kernel's BPF subsystem. This occurs when the devmap code allocates a number of hash buckets equal to the next power of two of the max entries value provided when creating the map. On 32-bit architectures, the rounding up itself can overflow mid-way through, leading to undefined behavior. Syzbot was able to turn this into a crash on arm32 by creating a DEVMAP HASH with max entries > 0x80000000 and then trying to update it. The fix involves moving the overflow check to before the rounding up operation.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-14046
ALT-PU-2024-7511
AZL-40091
BDU:2024-03665
CVE-2024-26885
DLA-3842-1
DSA-5681-1
OESA-2024-1520
OESA-2024-1524
OESA-2024-1536
OESA-2024-1541
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
SUSE-SU-2024:1644-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6871-1
USN-6878-1
USN-6892-1
USN-6919-1
USN-7088-1
USN-7088-2
USN-7088-3
USN-7088-4
USN-7088-5
USN-7119-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu