Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2024-47728

Disclosure Date: October 21, 2024 •

CVE-2024-47728 CVSS v3 Base Score: 5.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Zero former ARG_PTRTO{LONG,INT} args in case of error

For all non-tracing helpers which formerly had ARG_PTRTO{LONG,INT} as input
arguments, zero the value for the case of an error as otherwise it could leak
memory. For tracing, it is not needed given CAP_PERFMON can already read all
kernel memory anyway hence bpf_get_func_arg() and bpf_get_func_ret() is skipped
in here.

Also, the MTU helpers mtu_len pointer value is being written but also read.
Technically, the MEM_UNINIT should not be there in order to always force init.
Removing MEM_UNINIT needs more verifier rework though: MEM_UNINIT right now
implies two things actually: i) write into memory, ii) memory does not have
to be initialized. If we lift MEMUNINIT, it then becomes: i) read into memory,
ii) memory must be initialized. This means that for bpf*_check_mtu() we’re
readding the issue we’re trying to fix, that is, it would then be able to
write back into things like .rodata BPF maps. Follow-up work will rework the
MEM_UNINIT semantics such that the intent can be better expressed. For now
just clear the *mtu_len on error path which can be lifted later again.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

linux

Products

linux kernel

References

Canonical

CVE-2024-47728 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47728)

Miscellaneous

https://git.kernel.org/stable/c/8397bf78988f3ae9dbebb0200189a62a57264980

https://git.kernel.org/stable/c/a634fa8e480ac2423f86311a602f6295df2c8ed0

https://git.kernel.org/stable/c/599d15b6d03356a97bff7a76155c5604c42a2962

https://git.kernel.org/stable/c/594a9f5a8d2de2573a856e506f77ba7dd2cefc6a

https://git.kernel.org/stable/c/4b3786a6c5397dc220b1483d8e2f4867743e966f

Rapid7

Unknown

CVE-2024-47728

Unknown

Unknown

None

Low

Local

CVE-2024-47728

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-47728

Unknown

Unknown

None

Low

Local

CVE-2024-47728

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification