AZL-68297

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68297.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-68297

Upstream

CVE-2024-46754

Published

2024-09-18T08:15:04Z

Modified

2026-04-01T05:21:23.776748Z

Summary

CVE-2024-46754 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Remove tstrun from lwtseg6localprogops.

The syzbot reported that the lwtseg6 related BPF ops can be invoked via bpftestrun() without without entering inputactionendbpf() first.

Martin KaFai Lau said that self test for BPFPROGTYPELWTSEG6LOCAL probably didn't work since it was introduced in commit 04d4b274e2a ("ipv6: sr: Add seg6local action End.BPF"). The reason is that the per-CPU variable seg6bpfsrh_states::srh is never assigned in the self test case but each BPF function expects it.

Remove testrun for BPFPROGTYPELWT_SEG6LOCAL.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-46754

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68297.json"