CVE-2024-49987 Information

Description

In the Linux kernel the following vulnerability has been resolved:

bpftool: Fix undefined behavior in qsort(NULL 0 …)

When netfilter has no entry to display qsort is called with qsort(NULL 0 …). This results in undefined behavior as UBSan reports:

net.c:827:2: runtime error: null pointer passed as argument 1 which is declared to never be null

Although the C standard does not explicitly state whether calling qsort with a NULL pointer when the size is 0 constitutes undefined behavior Section 7.1.4 of the C standard (Use of library functions) mentions:

\Each of the following statements applies unless explicitly stated otherwise in the detailed descriptions that follow: If an argument to a function has an invalid value (such as a value outside the domain of the function or a pointer outside the address space of the program or a null pointer or a pointer to non-modifiable storage when the corresponding parameter is not const-qualified) or a type (after promotion) not expected by a function with variable number of arguments the behavior is undefined.\n To avoid this add an early return when nf_link_info is NULL to prevent calling qsort with a NULL pointer.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://git.kernel.org/stable/c/c2d9f9a7837ab29ccae0c42252f17d436bf0a501 https://git.kernel.org/stable/c/2e0f6f33f2aa87493b365a38a8fd87b8854b7734 https://git.kernel.org/stable/c/c208b02827eb642758cef65641995fd3f38c89af https://git.kernel.org/stable/c/f04e2ad394e2755d0bb2d858ecb5598718bf00d5

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5