CVE-2024-45020

Advisory lineage Upstream: 0 Downstream: 17
Analyzed
Published: 11 Sept 2024, 15:13
Last modified:23 May 2026, 15:53

Vulnerability Summary

Overall Risk (default)
low
22/100
CVSS Score
5.5 MEDIUM
v3.1 (nvd)
EPSS Score
0.02% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

11 Sept 2024, 15:13
Published
Vulnerability first disclosed
23 May 2026, 15:53
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a kernel verifier crash in stacksafe() Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksafe(). More specifically, it is the following code: if (exact != NOT_EXACT && old->stack[spi].slot_type[i % BPF_REG_SIZE] != cur->stack[spi].slot_type[i % BPF_REG_SIZE]) return false; The 'i' iterates old->allocated_stack. If cur->allocated_stack < old->allocated_stack the out-of-bound access will happen. To fix the issue add 'i >= cur->allocated_stack' check such that if the condition is true, stacksafe() should fail. Otherwise, cur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.

CVSS Metrics

  • v3.1MEDIUMScore: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.02% Percentile: 7%

Techniques & Countermeasures

  • CWE-787Out-of-bounds Write

    The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

  • linuxlinux

    ≥ ab470fefce2837e66b771c60858118d50bb5bb10, < 7cad3174cc79519bf5f6c4441780264416822c08 | ≥ 2793a8b015f7f1caadb9bce9c63dc659f7522676, < 6e3987ac310c74bb4dd6a2fa8e46702fe505fb2b | ≥ 2793a8b015f7f1caadb9bce9c63dc659f7522676, < bed2eb964c70b780fb55925892a74f26cb590b25 | ≥ 6.6.15, < 6.6.48 | 6.7

  • linuxlinux_kernel

    ≥ 6.6.15, < 6.6.48 | ≥ 6.7, < 6.10.7 | 6.11:rc1 | 6.11:rc2 | 6.11:rc3

References (3)