CVE-2024-40996

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the bpf subsystem in the Linux kernel, where a vulnerability is associated with integer overflows. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The problem arises when syzkaller builds with CONFIG DEBUG NET=y trigger a debug hint in pskb may pull, which is not interesting in the bpf case as such programs are typically generated by a fuzzer. The debug check is retained because it might hint at integer overflows and other issues, but the warning is suppressed for bpf cases.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.