CVE-2024-46754

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-46754

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-46754.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-46754

Downstream

BELL-CVE-2024-46754

DEBIAN-CVE-2024-46754

ECHO-768d-5a29-631e

OESA-2024-2255

OESA-2024-2257

OESA-2024-2258

OESA-2024-2296

RHSA-2025:6966

SUSE-SU-2024:3983-1

SUSE-SU-2024:3984-1

SUSE-SU-2024:3985-1

SUSE-SU-2024:3986-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4387-1

UBUNTU-CVE-2024-46754

USN-7154-1

USN-7154-2

USN-7155-1

USN-7156-1

USN-7196-1

Related

Published

2024-09-18T08:15:04Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Remove tstrun from lwtseg6localprogops.

The syzbot reported that the lwtseg6 related BPF ops can be invoked via bpftestrun() without without entering inputactionendbpf() first.

Martin KaFai Lau said that self test for BPFPROGTYPELWTSEG6LOCAL probably didn't work since it was introduced in commit 04d4b274e2a ("ipv6: sr: Add seg6local action End.BPF"). The reason is that the per-CPU variable seg6bpfsrh_states::srh is never assigned in the self test case but each BPF function expects it.

Remove testrun for BPFPROGTYPELWT_SEG6LOCAL.

References

Affected packages