CVE-2024-50163
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-50163
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50163.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-50163
- Downstream
- Related
- Published
- 2024-11-07T09:31:40.146Z
- Modified
- 2025-11-28T02:35:07.986008Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
The bpfredirectinfo is shared between the SKB and XDP redirect paths, and the two paths use the same numeric flag values in the ri->flags field (specifically, BPFFBROADCAST == BPFFNEXTHOP). This means that if skb bpfredirectneigh() is used with a non-NULL params argument and, subsequently, an XDP redirect is performed using the same bpfredirectinfo struct, the XDP path will get confused and end up crashing, which syzbot managed to trigger.
With the stack-allocated bpfredirectinfo, the structure is no longer shared between the SKB and XDP paths, so the crash doesn't happen anymore. However, different code paths using identically-numbered flag values in the same struct field still seems like a bit of a mess, so this patch cleans that up by moving the flag definitions together and redefining the three flags in BPFFREDIRECTINTERNAL to not overlap with the flags used for XDP. It also adds a BUILDBUG_ON() check to make sure the overlap is not re-introduced by mistake.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50163.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/09d88791c7cd888d5195c84733caf9183dcfbd16
- https://git.kernel.org/stable/c/0fca5ed4be8e8bfbfb9bd97845af596bab7192d3
- https://git.kernel.org/stable/c/314dbee9fe4f5cee36435465de52c988d7caa466
- https://git.kernel.org/stable/c/4e1e428533845d48828bd3875c0e92e8565b9962
- https://git.kernel.org/stable/c/cec288e05ceac9a0d3a3a1fd279534b11844c826
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50163.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-50163
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede624d4ed4aa8cc3c69d1359b0aaea539203ed266Fixed4e1e428533845d48828bd3875c0e92e8565b9962Fixed314dbee9fe4f5cee36435465de52c988d7caa466Fixed0fca5ed4be8e8bfbfb9bd97845af596bab7192d3Fixedcec288e05ceac9a0d3a3a1fd279534b11844c826Fixed09d88791c7cd888d5195c84733caf9183dcfbd16