CVE-2024-50161

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.0-rc4+

Description: The issue is related to the Linux kernel's BPF (Berkeley Packet Filter) functionality, specifically with the repetition of BTF (BPF Type Format) fields for arrays of nested structs. The problem arises when the value of ret * nelems exceeds BTF FIELDS MAX, causing an out-of-bounds array access. This results in a UBSAN (Undefined Behavior Sanitizer) error, reporting an array-index-out-of-bounds in the btf.c file. The estimated number of potentially affected devices is not specified.

Recommendations: To resolve the issue, update to a version of the Linux kernel that includes the fix for the out-of-bounds array access in the BPF functionality. As a temporary workaround, consider restricting the use of the BPF functionality until a patch is available.