CVE-2024-36918
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-36918
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36918.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-36918
- Downstream
- Related
- Published
- 2024-05-30T15:29:13Z
- Modified
- 2025-10-17T06:30:22.209096Z
- Summary
- bpf: Check bloom filter map value size
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: Check bloom filter map value size
This patch adds a missing check to bloom filter creating, rejecting values above KMALLOCMAXSIZE. This brings the bloom map in line with many other map types.
The lack of this protection can cause kernel crashes for value sizes that overflow int's. Such a crash was caught by syzkaller. The next patch adds more guard-rails at a lower level.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c
- https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687
- https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d
- https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9330986c03006ab1d33d243b7cfe598a7a3c1baaFixedfa6995eeb62e74b5a1480c73fb7b420c270784d3
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9330986c03006ab1d33d243b7cfe598a7a3c1baaFixed608e13706c8b6c658a0646f09ebced74ec367f7c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9330986c03006ab1d33d243b7cfe598a7a3c1baaFixedc418afb9bf23e2f2b76cb819601e4a5d9dbab42d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9330986c03006ab1d33d243b7cfe598a7a3c1baaFixeda8d89feba7e54e691ca7c4efc2a6264fa83f3687
Affected versions
v5.*
v5.15
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
Database specific
vanir_signatures
[
{
"id": "CVE-2024-36918-0d1d5bd9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "kernel/bpf/bloom_filter.c"
},
"digest": {
"line_hashes": [
"184116130838562753175121790187570936108",
"153757151421596146487763234112459845470",
"18336962427160544853068676575425031206",
"260685036288466458374240862323763358590",
"188156459304702838338066859160808303678",
"182736364686502629915068512064358930287",
"213597206613611256651188766040616479674"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c418afb9bf23e2f2b76cb819601e4a5d9dbab42d"
},
{
"id": "CVE-2024-36918-0f987aee",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c"
},
"digest": {
"line_hashes": [
"294407614828112802156306534706219516825",
"115946646467696145637981522405498213426",
"237564746584728258423486178777589195633",
"8994416623881733990073749232345184763"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c418afb9bf23e2f2b76cb819601e4a5d9dbab42d"
},
{
"id": "CVE-2024-36918-47fa17e5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "kernel/bpf/bloom_filter.c"
},
"digest": {
"line_hashes": [
"184116130838562753175121790187570936108",
"153757151421596146487763234112459845470",
"18336962427160544853068676575425031206",
"260685036288466458374240862323763358590",
"188156459304702838338066859160808303678",
"182736364686502629915068512064358930287",
"213597206613611256651188766040616479674"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa6995eeb62e74b5a1480c73fb7b420c270784d3"
},
{
"id": "CVE-2024-36918-67c6375f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c"
},
"digest": {
"line_hashes": [
"294407614828112802156306534706219516825",
"115946646467696145637981522405498213426",
"237564746584728258423486178777589195633",
"8994416623881733990073749232345184763"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa6995eeb62e74b5a1480c73fb7b420c270784d3"
},
{
"id": "CVE-2024-36918-70ac77e5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c",
"function": "test_fail_cases"
},
"digest": {
"function_hash": "33486378494387082435348787117693336244",
"length": 1722.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a8d89feba7e54e691ca7c4efc2a6264fa83f3687"
},
{
"id": "CVE-2024-36918-76d9f225",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c"
},
"digest": {
"line_hashes": [
"294407614828112802156306534706219516825",
"115946646467696145637981522405498213426",
"237564746584728258423486178777589195633",
"8994416623881733990073749232345184763"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@608e13706c8b6c658a0646f09ebced74ec367f7c"
},
{
"id": "CVE-2024-36918-85de9cdd",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c"
},
"digest": {
"line_hashes": [
"294407614828112802156306534706219516825",
"115946646467696145637981522405498213426",
"237564746584728258423486178777589195633",
"8994416623881733990073749232345184763"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a8d89feba7e54e691ca7c4efc2a6264fa83f3687"
},
{
"id": "CVE-2024-36918-a1804e41",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c",
"function": "test_fail_cases"
},
"digest": {
"function_hash": "33486378494387082435348787117693336244",
"length": 1722.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@608e13706c8b6c658a0646f09ebced74ec367f7c"
},
{
"id": "CVE-2024-36918-b383a82e",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c",
"function": "test_fail_cases"
},
"digest": {
"function_hash": "33486378494387082435348787117693336244",
"length": 1722.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa6995eeb62e74b5a1480c73fb7b420c270784d3"
},
{
"id": "CVE-2024-36918-cf8fb9f5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "kernel/bpf/bloom_filter.c"
},
"digest": {
"line_hashes": [
"184116130838562753175121790187570936108",
"153757151421596146487763234112459845470",
"18336962427160544853068676575425031206",
"260685036288466458374240862323763358590",
"188156459304702838338066859160808303678",
"182736364686502629915068512064358930287",
"213597206613611256651188766040616479674"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a8d89feba7e54e691ca7c4efc2a6264fa83f3687"
},
{
"id": "CVE-2024-36918-df393eaa",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c",
"function": "test_fail_cases"
},
"digest": {
"function_hash": "33486378494387082435348787117693336244",
"length": 1722.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c418afb9bf23e2f2b76cb819601e4a5d9dbab42d"
},
{
"id": "CVE-2024-36918-ef00c04b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "kernel/bpf/bloom_filter.c"
},
"digest": {
"line_hashes": [
"184116130838562753175121790187570936108",
"153757151421596146487763234112459845470",
"18336962427160544853068676575425031206",
"260685036288466458374240862323763358590",
"188156459304702838338066859160808303678",
"182736364686502629915068512064358930287",
"213597206613611256651188766040616479674"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@608e13706c8b6c658a0646f09ebced74ec367f7c"
}
]