PT-2024-34038 · Linux · Linux Kernel
Published: 2024-10-21 · Updated: 2025-11-11 · CVE-2024-50203

| CVSS v3.1 | Severity | Vector |
| --- | --- | --- |
| 7.8 | High | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
A heap buffer overflow in the arm64 BPF JIT has been resolved in the Linux kernel. The problem occurs when BPF_TRAMP_F_CALL_ORIG is enabled: during the size-calculation pass the address of a bpf_tramp_image struct on the stack is passed to the emitter, while during code generation an address on the heap is passed instead. If the heap address is tagged, emit_a64_mov_i64() emits longer code than it did during the size-calculation pass, so the generated code can overrun the heap buffer sized by the first pass. The same mismatch can occur without tag-based KASAN if one of the 16-bit words of the stack address happened to be all-ones during the size-calculation pass, since that word needs no instruction of its own. The issue is fixed by assuming the worst case when calculating the size of the bpf_tramp_image address emission.
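To make the two-pass sizing mismatch concrete, here is an added C model (not kernel code) of a JIT that sizes an immediate load in one pass and emits it in a second. mov_i64_insns() is a simplified assumption of how MOVZ/MOVN/MOVK are chosen, the addresses in the checks are constructed, and tramp_overruns() reports whether code generation would write past the buffer sized by the first pass, with and without the worst-case reservation the fix applies.

```c
#include <stdbool.h>
#include <stdint.h>

#define A64_MOV_I64_MAX 4 /* MOVZ/MOVN plus at most three MOVK */

/* Simplified model (an assumption, not the kernel's exact algorithm): choose
 * MOVZ (fill 0x0000) or MOVN (fill 0xffff) by whichever 16-bit chunk value is
 * more common, then one MOVK for each remaining chunk that differs from it. */
static int mov_i64_insns(uint64_t val)
{
	int zeros = 0, ones = 0;
	for (int i = 0; i < 4; i++) {
		uint16_t chunk = (uint16_t)(val >> (16 * i));
		zeros += chunk == 0x0000;
		ones += chunk == 0xffff;
	}
	int fill = zeros >= ones ? zeros : ones;
	return fill == 4 ? 1 : 4 - fill;
}

/* image is NULL during the size pass; limit is the buffer's capacity. */
struct jit_ctx { uint32_t *image; int idx, limit; bool overrun; };

static void emit(struct jit_ctx *ctx, uint32_t insn)
{
	if (ctx->image && ctx->idx < ctx->limit)
		ctx->image[ctx->idx] = insn;
	else if (ctx->image)
		ctx->overrun = true; /* the real JIT would write past the heap buffer */
	ctx->idx++;
}

/* With worst_case set, the size pass reserves the maximum (the fix). */
static void emit_mov_i64(struct jit_ctx *ctx, uint64_t val, bool worst_case)
{
	int n = (!ctx->image && worst_case) ? A64_MOV_I64_MAX : mov_i64_insns(val);
	for (int i = 0; i < n; i++)
		emit(ctx, 0xAA000000u | (uint32_t)i); /* placeholder, not a real encoding */
}

/* Pass 1 sizes with size_addr, pass 2 generates with emit_addr; true on overrun. */
static bool tramp_overruns(uint64_t size_addr, uint64_t emit_addr, bool worst_case)
{
	uint32_t image[A64_MOV_I64_MAX];
	struct jit_ctx sz = { 0 };
	emit_mov_i64(&sz, size_addr, worst_case);
	struct jit_ctx cg = { .image = image, .limit = sz.idx };
	emit_mov_i64(&cg, emit_addr, worst_case);
	return cg.overrun;
}
```

With a constructed stack address 0xffff8000ffff3c40 (two all-ones words) and a constructed tagged heap address 0xf2ff0000c1234560, the size pass reserves two instructions while code generation needs three; reserving A64_MOV_I64_MAX in the size pass removes the overrun.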
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Corruption
Affected Products
Alt Linux
Linux Mint
Linux Kernel
SUSE
Ubuntu