DEBIAN-CVE-2024-46764

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2024-46764

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-46764.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-46764

Upstream

CVE-2024-46764

Published

2024-09-18T08:15:04Z

Modified

2025-09-27T09:00:34Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: bpf: add check for invalid name in btfnamevalidsection() If the length of the name string is 1 and the value of name[0] is NULL byte, an OOB vulnerability occurs in btfnamevalidsection() and the return value is true, so the invalid name passes the check. To solve this, you need to check if the first position is NULL byte and if the first character is printable.

References

https://security-tracker.debian.org/tracker/CVE-2024-46764

Affected packages

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.10.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.10.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}