CVE-2024-35917 — NULL Pointer Dereference in Linux
Severity: 5.5 MEDIUM (NVD)
OSV: 6.8
EPSS: 0.0% (top 90.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 19
Latest update: Jul 26
Description
In the Linux kernel, the following vulnerability has been resolved:
s390/bpf: Fix bpf_plt pointer arithmetic
Kui-Feng Lee reported a crash on s390x triggered by the
dummy_st_ops/dummy_init_ptr_arg test [1]:
[] 0x2
[] bpf_struct_ops_test_run+0x156/0x250
[] __sys_bpf+0xa1a/0xd00
[] __s390x_sys_bpf+0x44/0x50
[] __do_syscall+0x244/0x300
[] system_call+0x70/0x98
This is caused by GCC moving memcpy() after assignments in
bpf_jit_plt(), resulting in NULL pointers being written instead of
the return…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 9 packages
CVEListV5: linux/linux f1d5df84cd8c3ec6460c78f5b86be7c84577a83f — c3062bdb859b6e2567e7f5c8cde20c0250bb130f +3
Patches
Vulnerability Details
6 OSV
linux, linux-azure, linux-gcp, linux-ibm, linux-intel, linux-lowlatency, linux-oem-6.8, linux-raspi vulnerabilities (2024-07-11)
GHSA
GHSA-6p8g-x822-g299: In the Linux kernel, the following vulnerability has been resolved:
s390/bpf: Fix bpf_plt pointer arithmetic
Kui-Feng Lee reported a crash on s390x (2024-05-19)