CVE-2024-43843

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-43843
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43843.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-43843
Downstream
Published
2024-08-17T09:21:57Z
Modified
2025-10-17T10:15:33.726148Z
Summary
riscv, bpf: Fix out-of-bounds issue when preparing trampoline image
Details

In the Linux kernel, the following vulnerability has been resolved:

riscv, bpf: Fix out-of-bounds issue when preparing trampoline image

We get the size of the trampoline image during the dry run phase and allocate memory based on that size. The allocated image will then be populated with instructions during the real patch phase. But after commit 26ef208c209a ("bpf: Use arch_bpf_trampoline_size"), the im argument is inconsistent in the dry run and real patch phase. This may cause emit_imm in RV64 to generate a different number of instructions when generating the 'im' address, potentially causing out-of-bounds issues. Let's emit the maximum number of instructions for the "im" address during dry run to fix this problem.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
26ef208c209a0e6eed8942a5d191b39dccfa6e38
Fixed
3e6a1b1b179abb643ec3560c02bc3082bc92285f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
26ef208c209a0e6eed8942a5d191b39dccfa6e38
Fixed
9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.7
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "arch/riscv/net/bpf_jit_comp64.c"
        },
        "signature_type": "Line",
        "id": "CVE-2024-43843-1cfc76e1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "arch/riscv/net/bpf_jit_comp64.c",
            "function": "arch_prepare_bpf_trampoline"
        },
        "signature_type": "Function",
        "id": "CVE-2024-43843-3b4987c2",
        "digest": {
            "length": 403.0,
            "function_hash": "265888959369933699259838265196247857077"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3e6a1b1b179abb643ec3560c02bc3082bc92285f"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "arch/riscv/net/bpf_jit_comp64.c"
        },
        "signature_type": "Line",
        "id": "CVE-2024-43843-5c772899",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3e6a1b1b179abb643ec3560c02bc3082bc92285f"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "arch/riscv/net/bpf_jit_comp64.c",
            "function": "__arch_prepare_bpf_trampoline"
        },
        "signature_type": "Function",
        "id": "CVE-2024-43843-6992de89",
        "digest": {
            "length": 5112.0,
            "function_hash": "136594205531851162791617551512430286595"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "arch/riscv/net/bpf_jit_comp64.c",
            "function": "__arch_prepare_bpf_trampoline"
        },
        "signature_type": "Function",
        "id": "CVE-2024-43843-90537009",
        "digest": {
            "length": 5103.0,
            "function_hash": "48690315156479250550216700299509884737"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3e6a1b1b179abb643ec3560c02bc3082bc92285f"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "arch/riscv/net/bpf_jit_comp64.c",
            "function": "arch_prepare_bpf_trampoline"
        },
        "signature_type": "Function",
        "id": "CVE-2024-43843-db0f32ff",
        "digest": {
            "length": 403.0,
            "function_hash": "265888959369933699259838265196247857077"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.10.3