CVE-2024-27050

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-27050
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27050.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-27050
Published
2024-05-01T12:54:35Z
Modified
2025-10-09T07:51:30.732760Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
libbpf: Use OPTS_SET() macro in bpf_xdp_query()
Details

In the Linux kernel, the following vulnerability has been resolved:

libbpf: Use OPTS_SET() macro in bpf_xdp_query()

When the feature_flags and xdp_zc_max_segs fields were added to the libbpf bpf_xdp_query_opts, the code writing them did not use the OPTS_SET() macro. This causes libbpf to write to those fields unconditionally, which means that programs compiled against an older version of libbpf (with a smaller size of the bpf_xdp_query_opts struct) will have their stack corrupted by libbpf writing out of bounds.

The patch adding the feature_flags field has an early bail out if the feature_flags field is not part of the opts struct (via the OPTS_HAS() macro), but the patch adding xdp_zc_max_segs does not. For consistency, this fix just changes the assignments to both fields to use the OPTS_SET() macro.
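
The size check described above, shown as an added example that is neither libbpf source nor part of the original advisory. `struct query_opts`, `query_unguarded()`, `query_guarded()`, `bytes_written_past_sz()` and the macro bodies are assumptions made for illustration; only the two field names and the macro names are taken from the advisory text.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical options struct following the size-prefixed "opts" convention. */
struct query_opts {
    size_t   sz;              /* caller stores sizeof() of ITS copy of the struct */
    uint32_t prog_id;         /* field an old caller already knows */
    uint64_t feature_flags;   /* added in a later library release */
    uint32_t xdp_zc_max_segs; /* added in a later library release */
};
/* Struct size as seen by a caller built before the two new fields existed. */
#define OLD_SZ offsetof(struct query_opts, feature_flags)
/* Simplified stand-ins for the OPTS_HAS()/OPTS_SET() idea (assumed bodies). */
#define FIELD_END(f) (offsetof(struct query_opts, f) + sizeof(((struct query_opts *)0)->f))
#define OPTS_HAS(o, f) ((o) && (o)->sz >= FIELD_END(f))
#define OPTS_SET(o, f, v) do { if (OPTS_HAS(o, f)) (o)->f = (v); } while (0)

/* Pre-fix shape: new fields are written whatever size the caller declared. */
static void query_unguarded(struct query_opts *o) {
    OPTS_SET(o, prog_id, 7);
    o->feature_flags = 0x1;
    o->xdp_zc_max_segs = 4;
}

/* Post-fix shape: every output field goes through the size check. */
static void query_guarded(struct query_opts *o) {
    OPTS_SET(o, prog_id, 7);
    OPTS_SET(o, feature_flags, 0x1);
    OPTS_SET(o, xdp_zc_max_segs, 4);
}

/* Count bytes modified beyond caller_sz; the backing object is full-sized,
 * so the stray writes are observable here without corrupting anything. */
static size_t bytes_written_past_sz(void (*fn)(struct query_opts *), size_t caller_sz) {
    struct query_opts o;
    const unsigned char *p = (const unsigned char *)&o;
    size_t n = 0;
    memset(&o, 0xAA, sizeof(o));   /* sentinel pattern over the whole object */
    o.sz = caller_sz;
    fn(&o);
    for (size_t i = caller_sz; i < sizeof(o); i++)
        n += (p[i] != 0xAA);
    return n;
}

int main(void) {
    printf("unguarded: %zu\n", bytes_written_past_sz(query_unguarded, OLD_SZ));
    printf("guarded:   %zu\n", bytes_written_past_sz(query_guarded, OLD_SZ));
    return 0;
}
```

In a real old caller the object is only `OLD_SZ` bytes long, so the bytes counted for the unguarded variant would be whatever sits next to it on the caller's stack.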

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
13ce2daa259a3bfbc9a5aeeee8b9a87058703731
Fixed
fa5bef5e80c6a3321b2b1a7070436f3bc5daf07c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
13ce2daa259a3bfbc9a5aeeee8b9a87058703731
Fixed
682ddd62abd4bdcee7584246903e7a2df005fe0d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
13ce2daa259a3bfbc9a5aeeee8b9a87058703731
Fixed
cd3be9843247edb8fc6fcd8d8237cbce2bc19f5e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
13ce2daa259a3bfbc9a5aeeee8b9a87058703731
Fixed
92a871ab9fa59a74d013bc04f321026a057618e7

Affected versions

v6.*

v6.5
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.10
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.23
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.11
Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.8.2