What is the severity of CVE-2024-47703?

CVE-2024-47703 is classified as a high severity vulnerability due to the potential for kernel panic.

How do I fix CVE-2024-47703?

To mitigate CVE-2024-47703, upgrade your Linux kernel to version 6.12.12-1 or later.

What systems are affected by CVE-2024-47703?

CVE-2024-47703 affects multiple versions of the Linux kernel ranging from 5.7 to 6.11.2.

What is the impact of CVE-2024-47703?

If exploited, CVE-2024-47703 can lead to a kernel panic, rendering the system unresponsive.

When was CVE-2024-47703 published?

CVE-2024-47703 was published in 2024, addressing an issue in the Linux kernel related to BPF LSM.

Vulnerability/
CVE-2024-47703

medium

5.5

21/10/2024

19/12/2024

CVE-2024-47703: bpf, lsm: Add check for BPF LSM return value

First published: Mon Oct 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: bpf, lsm: Add check for BPF LSM return value A bpf prog returning a positive number attached to file_alloc_security hook makes kernel panic. This happens because file system can not filter out the positive number returned by the LSM prog using IS_ERR, and misinterprets this positive number as a file pointer. Given that hook file_alloc_security never returned positive number before the introduction of BPF LSM, and other BPF LSM hooks may encounter similar issues, this patch adds LSM return value check in verifier, to ensure no unexpected value is returned.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel	>=5.7<6.10.13
Linux Kernel	>=6.11<6.11.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-47703?
CVE-2024-47703 is classified as a high severity vulnerability due to the potential for kernel panic.
How do I fix CVE-2024-47703?
To mitigate CVE-2024-47703, upgrade your Linux kernel to version 6.12.12-1 or later.
What systems are affected by CVE-2024-47703?
CVE-2024-47703 affects multiple versions of the Linux kernel ranging from 5.7 to 6.11.2.
What is the impact of CVE-2024-47703?
If exploited, CVE-2024-47703 can lead to a kernel panic, rendering the system unresponsive.
When was CVE-2024-47703 published?
CVE-2024-47703 was published in 2024, addressing an issue in the Linux kernel related to BPF LSM.

agent/title
agent/references
agent/type
agent/first-publish-date
agent/description
agent/author
agent/event
agent/remedy
agent/severity
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/linux
canonical/linux kernel
version/linux kernel/5.7
version/linux kernel/6.11

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2024-47703: bpf, lsm: Add check for BPF LSM return value

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-47703?

How do I fix CVE-2024-47703?

What systems are affected by CVE-2024-47703?

What is the impact of CVE-2024-47703?

When was CVE-2024-47703 published?

Company

Resources

Contact