CVE-2024-40908

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-40908
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-40908.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-40908
Downstream
Related
Published
2024-07-12T12:20:47.807Z
Modified
2025-11-28T02:35:08.742895Z
Summary
bpf: Set run context for rawtp test_run callback
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Set run context for rawtp test_run callback

syzbot reported crash when rawtp program executed through the testrun interface calls bpfgetattachcookie helper or any other helper that touches task->bpf_ctx pointer.

Setting the run context (task->bpfctx pointer) for testrun callback.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40908.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7adfc6c9b315e174cf8743b21b7b691c8766791b
Fixed
789bd77c9342aa6125003871ae5c6034d0f6f9d2
Fixed
3708b6c2546c9eb34aead8a34a17e8ae69004e4d
Fixed
d387805d4b4a46ee01e3dae133c81b6d80195e5b
Fixed
ae0ba0ab7475a129ef7d449966edf677367efeb4
Fixed
d0d1df8ba18abc57f28fb3bc053b2bf319367f2c

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.162
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.95
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.35
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.9.6