Back

CVE-2024-46764

Sept. 18, 2024, 8:15 a.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Linux kernel

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-09-18
CVE-2024-46764

CVE-2024-46764 details

Published : Sept. 18, 2024, 8:15 a.m.
Last Modified : Sept. 18, 2024, 8:15 a.m.

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: add check for invalid name in btf_name_valid_section() If the length of the name string is 1 and the value of name[0] is NULL byte, an OOB vulnerability occurs in btf_name_valid_section() and the return value is true, so the invalid name passes the check. To solve this, you need to check if the first position is NULL byte and if the first character is printable.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://git.kernel.org/stable/c/bb6705c3f93bed2af03d43691743d4c43e3c8e6f 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/c8ffe2d4d37a05ce18c71b87421443c16f8475e5 416baaa9-dc9f-4396-8d5f-8c081fb06d67
This website uses the NVD API, but is not approved or certified by it.