What is the severity of CVE-2024-58100?

CVE-2024-58100 has a high severity rating due to its potential to lead to denial of service in the Linux kernel.

How do I fix CVE-2024-58100?

To fix CVE-2024-58100, update your Linux kernel to the latest version that includes the patch addressing this vulnerability.

What systems are affected by CVE-2024-58100?

CVE-2024-58100 affects the Linux kernel, impacting various distributions that utilize this software.

What type of attack does CVE-2024-58100 relate to?

CVE-2024-58100 relates to potential exploitation in the kernel that could be leveraged for denial of service attacks.

Is CVE-2024-58100 being actively exploited?

As of now, there are no confirmed reports of active exploitation specifically targeting CVE-2024-58100.

Vulnerability/
CVE-2024-58100

5/5/2025

CVE-2024-58100: bpf: check changes_pkt_data property for extension programs

First published: Mon May 05 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: bpf: check changes_pkt_data property for extension programs When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changes_pkt_data property of the global sub-program. Because of this, an extension program replacing a global sub-program must be compatible with changes_pkt_data property of the sub-program being replaced. This commit: - adds changes_pkt_data flag to struct bpf_prog_aux: - this flag is set in check_cfg() for main sub-program; - in jit_subprogs() for other sub-programs; - modifies bpf_check_attach_btf_id() to check changes_pkt_data flag; - moves call to check_attach_btf_id() after the call to check_cfg(), because it needs changes_pkt_data flag to be set: bpf_check: ... ... - check_attach_btf_id resolve_pseudo_ldimm64 resolve_pseudo_ldimm64 --> bpf_prog_is_offloaded bpf_prog_is_offloaded check_cfg check_cfg + check_attach_btf_id ... ... The following fields are set by check_attach_btf_id(): - env->ops - prog->aux->attach_btf_trace - prog->aux->attach_func_name - prog->aux->attach_func_proto - prog->aux->dst_trampoline - prog->aux->mod - prog->aux->saved_dst_attach_type - prog->aux->saved_dst_prog_type - prog->expected_attach_type Neither of these fields are used by resolve_pseudo_ldimm64() or bpf_prog_offload_verifier_prep() (for netronome and netdevsim drivers), so the reordering is safe.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-58100?
CVE-2024-58100 has a high severity rating due to its potential to lead to denial of service in the Linux kernel.
How do I fix CVE-2024-58100?
To fix CVE-2024-58100, update your Linux kernel to the latest version that includes the patch addressing this vulnerability.
What systems are affected by CVE-2024-58100?
CVE-2024-58100 affects the Linux kernel, impacting various distributions that utilize this software.
What type of attack does CVE-2024-58100 relate to?
CVE-2024-58100 relates to potential exploitation in the kernel that could be leveraged for denial of service attacks.
Is CVE-2024-58100 being actively exploited?
As of now, there are no confirmed reports of active exploitation specifically targeting CVE-2024-58100.

collector/mitre-cve
source/MITRE
agent/references
agent/title
agent/description
agent/type
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/author
agent/source
agent/tags
agent/event
vendor/the linux foundation
canonical/linux kernel