CVE-2024-36918

In the Linux kernel, the following vulnerability has been resolved: bpf: Check bloom filter map value size This patch adds a missing check to bloom filter creating, rejecting values above KMALLOC_MAX_SIZE. This brings the bloom map in line with many other map types. The lack of this protection can cause kernel crashes for value sizes that overflow int's. Such a crash was caught by syzkaller. The next patch adds more guard-rails at a lower level.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c	Patch
https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687	Patch
https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d	Patch
https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3	Patch
https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c	Patch
https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687	Patch
https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d	Patch
https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc1::::::

History

No history.

Information

Published : 2024-05-30 16:15

Updated : 2025-09-17 22:18

NVD link : CVE-2024-36918

Mitre link : CVE-2024-36918

CVE.ORG link : CVE-2024-36918

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2024-36918", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-30T16:15:15.130", "references": [{"url": "https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check bloom filter map value size\n\nThis patch adds a missing check to bloom filter creating, rejecting\nvalues above KMALLOC_MAX_SIZE. This brings the bloom map in line with\nmany other map types.\n\nThe lack of this protection can cause kernel crashes for value sizes\nthat overflow int's. Such a crash was caught by syzkaller. The next\npatch adds more guard-rails at a lower level."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bpf: Verificar el tama\u00f1o del valor del mapa del filtro de floraci\u00f3n. Este parche agrega una verificaci\u00f3n faltante para la creaci\u00f3n del filtro de floraci\u00f3n, rechazando valores superiores a KMALLOC_MAX_SIZE. Esto alinea el mapa de floraci\u00f3n con muchos otros tipos de mapas. La falta de esta protecci\u00f3n puede provocar fallas del kernel para tama\u00f1os de valores que desbordan los de int. Syzkaller capt\u00f3 tal accidente. El siguiente parche agrega m\u00e1s barandillas en un nivel inferior."}], "lastModified": "2025-09-17T22:18:22.507", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F8C886C-75AA-469B-A6A9-12BF1A29C0D5", "versionEndExcluding": "6.1.91", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDDB1F69-36AC-41C1-9192-E7CCEF5FFC00", "versionEndExcluding": "6.6.31", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A6B920C-8D8F-4130-86B4-AD334F4CF2E3", "versionEndExcluding": "6.8.10", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}