CVE-2024-40996

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-40996

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-40996.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-40996

Downstream

BELL-CVE-2024-40996

DEBIAN-CVE-2024-40996

DLA-4008-1

DSA-5731-1

OESA-2024-2076

UBUNTU-CVE-2024-40996

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7008-1

USN-7029-1

Published

2024-07-12T12:37:38.454Z

Modified

2025-11-27T19:35:14.184206Z

Summary

bpf: Avoid splat in pskb_pull_reason

Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Avoid splat in pskbpullreason

syzkaller builds (CONFIGDEBUGNET=y) frequently trigger a debug hint in pskbmaypull.

We'd like to retain this debug check because it might hint at integer overflows and other issues (kernel code should pull headers, not huge value).

In bpf case, this splat isn't interesting at all: such (nonsensical) bpf programs are typically generated by a fuzzer anyway.

Do what Eric suggested and suppress such warning.

For CONFIGDEBUGNET=n we don't need the extra check because pskbmaypull will do the right thing: return an error without the WARN() backtrace.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/ee626f5d79d5817bb21d6f048dc0da4c4e383443/cves/2024/40xxx/CVE-2024-40996.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

8af60bb2b215f478b886f1d6d302fefa7f0b917d

Fixed

dacc15e9cb248d19e5fc63c54bef0b9b55007761

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

1b2b26595bb09febf14c5444c873ac4ec90a5a77

Fixed

7f9644782c559635bd676c12c59389a34ed7c866

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

219eee9c0d16f1b754a8b85275854ab17df0850a

Fixed

5e90258303a358e88737afb5048bee9113beea3a

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

219eee9c0d16f1b754a8b85275854ab17df0850a

Fixed

2bbe3e5a2f4ef69d13be54f1cf895b4658287080

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

fff05b2b004d9a8a2416d08647f3dc9068e357c8

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.96

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.36

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.9.7