In the Linux kernel, the following vulnerability has been resolved:
bpf: Check bloom filter map value size
This patch adds a missing check to bloom filter creation, rejecting value sizes above KMALLOC_MAX_SIZE. This brings the bloom map in line with many other map types.
The lack of this protection can cause kernel crashes for value sizes that overflow an int. Such a crash was caught by syzkaller. The next patch in the series adds more guard-rails at a lower level.
[
    {
        "id": "CVE-2024-36918-0d1d5bd9",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "kernel/bpf/bloom_filter.c"
        },
        "digest": {
            "line_hashes": [
                "184116130838562753175121790187570936108",
                "153757151421596146487763234112459845470",
                "18336962427160544853068676575425031206",
                "260685036288466458374240862323763358590",
                "188156459304702838338066859160808303678",
                "182736364686502629915068512064358930287",
                "213597206613611256651188766040616479674"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c418afb9bf23e2f2b76cb819601e4a5d9dbab42d"
    },
    {
        "id": "CVE-2024-36918-0f987aee",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c"
        },
        "digest": {
            "line_hashes": [
                "294407614828112802156306534706219516825",
                "115946646467696145637981522405498213426",
                "237564746584728258423486178777589195633",
                "8994416623881733990073749232345184763"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c418afb9bf23e2f2b76cb819601e4a5d9dbab42d"
    },
    {
        "id": "CVE-2024-36918-47fa17e5",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "kernel/bpf/bloom_filter.c"
        },
        "digest": {
            "line_hashes": [
                "184116130838562753175121790187570936108",
                "153757151421596146487763234112459845470",
                "18336962427160544853068676575425031206",
                "260685036288466458374240862323763358590",
                "188156459304702838338066859160808303678",
                "182736364686502629915068512064358930287",
                "213597206613611256651188766040616479674"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa6995eeb62e74b5a1480c73fb7b420c270784d3"
    },
    {
        "id": "CVE-2024-36918-67c6375f",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c"
        },
        "digest": {
            "line_hashes": [
                "294407614828112802156306534706219516825",
                "115946646467696145637981522405498213426",
                "237564746584728258423486178777589195633",
                "8994416623881733990073749232345184763"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa6995eeb62e74b5a1480c73fb7b420c270784d3"
    },
    {
        "id": "CVE-2024-36918-70ac77e5",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c",
            "function": "test_fail_cases"
        },
        "digest": {
            "function_hash": "33486378494387082435348787117693336244",
            "length": 1722.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a8d89feba7e54e691ca7c4efc2a6264fa83f3687"
    },
    {
        "id": "CVE-2024-36918-76d9f225",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c"
        },
        "digest": {
            "line_hashes": [
                "294407614828112802156306534706219516825",
                "115946646467696145637981522405498213426",
                "237564746584728258423486178777589195633",
                "8994416623881733990073749232345184763"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@608e13706c8b6c658a0646f09ebced74ec367f7c"
    },
    {
        "id": "CVE-2024-36918-85de9cdd",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c"
        },
        "digest": {
            "line_hashes": [
                "294407614828112802156306534706219516825",
                "115946646467696145637981522405498213426",
                "237564746584728258423486178777589195633",
                "8994416623881733990073749232345184763"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a8d89feba7e54e691ca7c4efc2a6264fa83f3687"
    },
    {
        "id": "CVE-2024-36918-a1804e41",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c",
            "function": "test_fail_cases"
        },
        "digest": {
            "function_hash": "33486378494387082435348787117693336244",
            "length": 1722.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@608e13706c8b6c658a0646f09ebced74ec367f7c"
    },
    {
        "id": "CVE-2024-36918-b383a82e",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c",
            "function": "test_fail_cases"
        },
        "digest": {
            "function_hash": "33486378494387082435348787117693336244",
            "length": 1722.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa6995eeb62e74b5a1480c73fb7b420c270784d3"
    },
    {
        "id": "CVE-2024-36918-cf8fb9f5",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "kernel/bpf/bloom_filter.c"
        },
        "digest": {
            "line_hashes": [
                "184116130838562753175121790187570936108",
                "153757151421596146487763234112459845470",
                "18336962427160544853068676575425031206",
                "260685036288466458374240862323763358590",
                "188156459304702838338066859160808303678",
                "182736364686502629915068512064358930287",
                "213597206613611256651188766040616479674"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a8d89feba7e54e691ca7c4efc2a6264fa83f3687"
    },
    {
        "id": "CVE-2024-36918-df393eaa",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c",
            "function": "test_fail_cases"
        },
        "digest": {
            "function_hash": "33486378494387082435348787117693336244",
            "length": 1722.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c418afb9bf23e2f2b76cb819601e4a5d9dbab42d"
    },
    {
        "id": "CVE-2024-36918-ef00c04b",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "kernel/bpf/bloom_filter.c"
        },
        "digest": {
            "line_hashes": [
                "184116130838562753175121790187570936108",
                "153757151421596146487763234112459845470",
                "18336962427160544853068676575425031206",
                "260685036288466458374240862323763358590",
                "188156459304702838338066859160808303678",
                "182736364686502629915068512064358930287",
                "213597206613611256651188766040616479674"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@608e13706c8b6c658a0646f09ebced74ec367f7c"
    }
]