{"vulnerability": "CVE-2024-5016", "sightings": [{"uuid": "31ba6267-891f-4243-b39e-a10a61548b1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50160", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113441291484969274", "content": "", "creation_timestamp": "2024-11-07T10:52:18.233279Z"}, {"uuid": "dc744bcc-d376-49b2-8f7f-4818f6876e1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50161", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113441291499221888", "content": "", "creation_timestamp": "2024-11-07T10:52:18.345957Z"}, {"uuid": "3d969720-1543-4e44-80a6-74e13cfec500", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50162", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113441291515187787", "content": "", "creation_timestamp": "2024-11-07T10:52:18.874208Z"}, {"uuid": "6508674f-b579-4c30-b0d1-1b9478483bae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50163", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113441350519511886", "content": "", "creation_timestamp": "2024-11-07T11:07:19.035484Z"}, {"uuid": "4b396f12-7d66-4f2d-a816-6f3ee03a946f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50164", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113441350536152302", "content": "", "creation_timestamp": "2024-11-07T11:07:19.452295Z"}, {"uuid": "a3df08d1-6976-4524-80d5-105daf82c3b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50166", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113441350577758176", "content": "", "creation_timestamp": "2024-11-07T11:07:19.842316Z"}, {"uuid": "293669fe-104e-466b-9bd9-23db333b45e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50165", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113441350552985303", "content": "", "creation_timestamp": "2024-11-07T11:07:20.005775Z"}, {"uuid": "aeeea533-2271-428a-b190-89af96570e98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50167", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113441409579177688", "content": "", "creation_timestamp": "2024-11-07T11:22:20.209433Z"}, {"uuid": "2e10c73d-05d1-4533-bf73-9c9cdf26ddc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50168", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113441409612448857", "content": "", "creation_timestamp": "2024-11-07T11:22:20.674792Z"}, {"uuid": "a33cf527-2b69-4c38-9c7f-9e0585ecf700", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50169", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113441409630594716", "content": "", "creation_timestamp": "2024-11-07T11:22:20.852309Z"}, {"uuid": "e3e0741a-4f8b-41d5-8836-15a900544afe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-50166", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "8e8852d6-bc7b-481b-9920-a0ca71dec511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50164", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2124", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-50164\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overloading of MEM_UNINIT's meaning\n\nLonial reported an issue in the BPF verifier where check_mem_size_reg()\nhas the following code:\n\n if (!tnum_is_const(reg->var_off))\n /* For unprivileged variable accesses, disable raw\n * mode so that the program is required to\n * initialize all the memory that the helper could\n * just partially fill up.\n */\n meta = NULL;\n\nThis means that writes are not checked when the register containing the\nsize of the passed buffer has not a fixed size. Through this bug, a BPF\nprogram can write to a map which is marked as read-only, for example,\n.rodata global maps.\n\nThe problem is that MEM_UNINIT's initial meaning that \"the passed buffer\nto the BPF helper does not need to be initialized\" which was added back\nin commit 435faee1aae9 (\"bpf, verifier: add ARG_PTR_TO_RAW_STACK type\")\ngot overloaded over time with \"the passed buffer is being written to\".\n\nThe problem however is that checks such as the above which were added later\nvia 06c1c049721a (\"bpf: allow helpers access to variable memory\") set meta\nto NULL in order force the user to always initialize the passed buffer to\nthe helper. Due to the current double meaning of MEM_UNINIT, this bypasses\nverifier write checks to the memory (not boundary checks though) and only\nassumes the latter memory is read instead.\n\nFix this by reverting MEM_UNINIT back to its original meaning, and having\nMEM_WRITE as an annotation to BPF helpers in order to then trigger the\nBPF verifier checks for writing to memory.\n\nSome notes: check_arg_pair_ok() ensures that for ARG_CONST_SIZE{,_OR_ZERO}\nwe can access fn->arg_type[arg - 1] since it must contain a preceding\nARG_PTR_TO_MEM. For check_mem_reg() the meta argument can be removed\naltogether since we do check both BPF_READ and BPF_WRITE. Same for the\nequivalent check_kfunc_mem_size_reg().\n\ud83d\udccf Published: 2024-11-07T09:31:41.012Z\n\ud83d\udccf Modified: 2025-01-17T13:27:00.246Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/43f4df339a4d375bedcad29a61ae6f0ee7a048f8\n2. https://git.kernel.org/stable/c/48068ccaea957469f1adf78dfd2c1c9a7e18f0fe\n3. https://git.kernel.org/stable/c/54bc31682660810af1bed7ca7a19f182df8d3df8\n4. https://git.kernel.org/stable/c/8ea607330a39184f51737c6ae706db7fdca7628e", "creation_timestamp": "2025-01-17T13:56:46.000000Z"}, {"uuid": "0acbbee0-c46e-4213-8b96-fd3914f77eff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-50164", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "e2d77171-3042-47bc-9d07-6f13f225be5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-50166", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "d417caa3-ec42-46ea-8791-8e1560a297d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50161", "type": "seen", "source": "https://t.me/cvedetector/10081", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50161 - Linux Kernel bpf Out-of-Bounds Read\", \n \"Content\": \"CVE ID : CVE-2024-50161 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nbpf: Check the remaining info_cnt before repeating btf fields \n \nWhen trying to repeat the btf fields for array of nested struct, it \ndoesn't check the remaining info_cnt. The following splat will be \nreported when the value of ret * nelems is greater than BTF_FIELDS_MAX: \n \n ------------[ cut here ]------------ \n UBSAN: array-index-out-of-bounds in ../kernel/bpf/btf.c:3951:49 \n index 11 is out of range for type 'btf_field_info [11]' \n CPU: 6 UID: 0 PID: 411 Comm: test_progs ...... 6.11.0-rc4+ #1 \n Tainted: [O]=OOT_MODULE \n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ... \n Call Trace: \n \n dump_stack_lvl+0x57/0x70 \n dump_stack+0x10/0x20 \n ubsan_epilogue+0x9/0x40 \n __ubsan_handle_out_of_bounds+0x6f/0x80 \n ? kallsyms_lookup_name+0x48/0xb0 \n btf_parse_fields+0x992/0xce0 \n map_create+0x591/0x770 \n __sys_bpf+0x229/0x2410 \n __x64_sys_bpf+0x1f/0x30 \n x64_sys_call+0x199/0x9f0 \n do_syscall_64+0x3b/0xc0 \n entry_SYSCALL_64_after_hwframe+0x4b/0x53 \n RIP: 0033:0x7fea56f2cc5d \n ...... \n \n ---[ end trace ]--- \n \nFix it by checking the remaining info_cnt in btf_repeat_fields() before \nrepeating the btf fields. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T11:54:40.000000Z"}, {"uuid": "2dbe7c33-dbf7-4942-8bdb-e541ad4b9f4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50164", "type": "seen", "source": "https://t.me/cvedetector/10080", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50164 - Linux Kernel BPF Raw Write Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-50164 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nbpf: Fix overloading of MEM_UNINIT's meaning \n \nLonial reported an issue in the BPF verifier where check_mem_size_reg() \nhas the following code: \n \n if (!tnum_is_const(reg->var_off)) \n /* For unprivileged variable accesses, disable raw \n * mode so that the program is required to \n * initialize all the memory that the helper could \n * just partially fill up. \n */ \n meta = NULL; \n \nThis means that writes are not checked when the register containing the \nsize of the passed buffer has not a fixed size. Through this bug, a BPF \nprogram can write to a map which is marked as read-only, for example, \n.rodata global maps. \n \nThe problem is that MEM_UNINIT's initial meaning that \"the passed buffer \nto the BPF helper does not need to be initialized\" which was added back \nin commit 435faee1aae9 (\"bpf, verifier: add ARG_PTR_TO_RAW_STACK type\") \ngot overloaded over time with \"the passed buffer is being written to\". \n \nThe problem however is that checks such as the above which were added later \nvia 06c1c049721a (\"bpf: allow helpers access to variable memory\") set meta \nto NULL in order force the user to always initialize the passed buffer to \nthe helper. Due to the current double meaning of MEM_UNINIT, this bypasses \nverifier write checks to the memory (not boundary checks though) and only \nassumes the latter memory is read instead. \n \nFix this by reverting MEM_UNINIT back to its original meaning, and having \nMEM_WRITE as an annotation to BPF helpers in order to then trigger the \nBPF verifier checks for writing to memory. \n \nSome notes: check_arg_pair_ok() ensures that for ARG_CONST_SIZE{,_OR_ZERO} \nwe can access fn->arg_type[arg - 1] since it must contain a preceding \nARG_PTR_TO_MEM. For check_mem_reg() the meta argument can be removed \naltogether since we do check both BPF_READ and BPF_WRITE. Same for the \nequivalent check_kfunc_mem_size_reg(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T11:54:39.000000Z"}, {"uuid": "8de2bb06-661e-4959-ab0c-28f038880df1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50167", "type": "seen", "source": "https://t.me/cvedetector/10076", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50167 - Alteon Be2Net Linux Kernel Memory Leak Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-50167 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nbe2net: fix potential memory leak in be_xmit() \n \nThe be_xmit() returns NETDEV_TX_OK without freeing skb \nin case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T11:54:33.000000Z"}, {"uuid": "8800bc34-8161-4a91-a7ff-8b8d94102b7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50166", "type": "seen", "source": "https://t.me/cvedetector/10075", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50166 - Freescale Semiconductor FMAN Reference Leak Vulnerability (Denial of Service)\", \n \"Content\": \"CVE ID : CVE-2024-50166 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nfsl/fman: Fix refcount handling of fman-related devices \n \nIn mac_probe() there are multiple calls to of_find_device_by_node(), \nfman_bind() and fman_port_bind() which takes references to of_dev->dev. \nNot all references taken by these calls are released later on error path \nin mac_probe() and in mac_remove() which lead to reference leaks. \n \nAdd references release. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T11:54:33.000000Z"}, {"uuid": "2f3fcf53-200a-49ef-af5b-dff3c8d995d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50168", "type": "seen", "source": "https://t.me/cvedetector/10077", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50168 - Qualcomm Atheros Ethernet miniport Memory Leak\", \n \"Content\": \"CVE ID : CVE-2024-50168 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnet/sun3_82586: fix potential memory leak in sun3_82586_send_packet() \n \nThe sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skb \nin case of skb->len being too long, add dev_kfree_skb() to fix it. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T11:54:37.000000Z"}, {"uuid": "8b0a6fd5-ffb0-4868-a4a0-dd6fe3fea796", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50165", "type": "seen", "source": "https://t.me/cvedetector/10074", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50165 - Linux Kernel BPF Mount Option Leak Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-50165 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nbpf: Preserve param->string when parsing mount options \n \nIn bpf_parse_param(), keep the value of param->string intact so it can \nbe freed later. Otherwise, the kmalloc area pointed to by param->string \nwill be leaked as shown below: \n \nunreferenced object 0xffff888118c46d20 (size 8): \n comm \"new_name\", pid 12109, jiffies 4295580214 \n hex dump (first 8 bytes): \n 61 6e 79 00 38 c9 5c 7e any.8.\\~ \n backtrace (crc e1b7f876): \n [<00000000c6848ac7] kmemleak_alloc+0x4b/0x80 \n [<00000000de9f7d00] __kmalloc_node_track_caller_noprof+0x36e/0x4a0 \n [<000000003e29b886] memdup_user+0x32/0xa0 \n [<0000000007248326] strndup_user+0x46/0x60 \n [<0000000035b3dd29] __x64_sys_fsconfig+0x368/0x3d0 \n [<0000000018657927] x64_sys_call+0xff/0x9f0 \n [<00000000c0cabc95] do_syscall_64+0x3b/0xc0 \n [<000000002f331597] entry_SYSCALL_64_after_hwframe+0x4b/0x53 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T11:54:32.000000Z"}, {"uuid": "6f3ea5c3-aef9-474e-88be-c296091f4491", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50163", "type": "seen", "source": "https://t.me/cvedetector/10072", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50163 - Linux Kernel - BPF Bypass Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-50163 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nbpf: Make sure internal and UAPI bpf_redirect flags don't overlap \n \nThe bpf_redirect_info is shared between the SKB and XDP redirect paths, \nand the two paths use the same numeric flag values in the ri->flags \nfield (specifically, BPF_F_BROADCAST == BPF_F_NEXTHOP). This means that \nif skb bpf_redirect_neigh() is used with a non-NULL params argument and, \nsubsequently, an XDP redirect is performed using the same \nbpf_redirect_info struct, the XDP path will get confused and end up \ncrashing, which syzbot managed to trigger. \n \nWith the stack-allocated bpf_redirect_info, the structure is no longer \nshared between the SKB and XDP paths, so the crash doesn't happen \nanymore. However, different code paths using identically-numbered flag \nvalues in the same struct field still seems like a bit of a mess, so \nthis patch cleans that up by moving the flag definitions together and \nredefining the three flags in BPF_F_REDIRECT_INTERNAL to not overlap \nwith the flags used for XDP. It also adds a BUILD_BUG_ON() check to make \nsure the overlap is not re-introduced by mistake. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T11:54:30.000000Z"}, {"uuid": "bd9d8a07-5e61-44bb-adad-6a6e747cdae0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50162", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/10070", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50162 - Linux Kernel Vuln - BPF Devmap Rxq Pointer Dereference\", \n \"Content\": \"CVE ID : CVE-2024-50162 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nbpf: devmap: provide rxq after redirect \n \nrxq contains a pointer to the device from where \nthe redirect happened. Currently, the BPF program \nthat was executed after a redirect via BPF_MAP_TYPE_DEVMAP* \ndoes not have it set. \n \nThis is particularly bad since accessing ingress_ifindex, e.g. \n \nSEC(\"xdp\") \nint prog(struct xdp_md *pkt) \n{ \n return bpf_redirect_map(&dev_redirect_map, 0, 0); \n} \n \nSEC(\"xdp/devmap\") \nint prog_after_redirect(struct xdp_md *pkt) \n{ \n bpf_printk(\"ifindex %i\", pkt->ingress_ifindex); \n return XDP_PASS; \n} \n \ndepends on access to rxq, so a NULL pointer gets dereferenced: <1[ 574.475170] BUG: kernel NULL pointer dereference, address: 0000000000000000 <1[ 574.475188] #PF: supervisor read access in kernel mode <1[ 574.475194] #PF: error_code(0x0000) - not-present page <6[ 574.475199] PGD 0 P4D 0 <4[ 574.475207] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI <4[ 574.475217] CPU: 4 UID: 0 PID: 217 Comm: kworker/4:1 Not tainted 6.11.0-rc5-reduced-00859-g780801200300 #23 <4[ 574.475226] Hardware name: Intel(R) Client Systems NUC13ANHi7/NUC13ANBi7, BIOS ANRPL357.0026.2023.0314.1458 03/14/2023 <4[ 574.475231] Workqueue: mld mld_ifc_work <4[ 574.475247] RIP: 0010:bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c <4[ 574.475257] Code: cc cc cc cc cc cc cc 80 00 00 00 cc cc cc cc cc cc cc cc f3 0f 1e fa 0f 1f 44 00 00 66 90 55 48 89 e5 f3 0f 1e fa 48 8b 57 20 <488b 52 00 8b 92 e0 00 00 00 48 bf f8 a6 d5 c4 5d a0 ff ff be 0b <4[ 574.475263] RSP: 0018:ffffa62440280c98 EFLAGS: 00010206 <4[ 574.475269] RAX: ffffa62440280cd8 RBX: 0000000000000001 RCX: 0000000000000000 <4[ 574.475274] RDX: 0000000000000000 RSI: ffffa62440549048 RDI: ffffa62440280ce0 <4[ 574.475278] RBP: ffffa62440280c98 R08: 0000000000000002 R09: 0000000000000001 <4[ 574.475281] R10: ffffa05dc8b98000 R11: ffffa05f577fca40 R12: ffffa05dcab24000 <4[ 574.475285] R13: ffffa62440280ce0 R14: ffffa62440549048 R15: ffffa62440549000 <4[ 574.475289] FS: 0000000000000000(0000) GS:ffffa05f4f700000(0000) knlGS:0000000000000000 <4[ 574.475294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4[ 574.475298] CR2: 0000000000000000 CR3: 000000025522e000 CR4: 0000000000f50ef0 <4[ 574.475303] PKRU: 55555554 <4[ 574.475306] Call Trace: <4[ 574.475313] <4[ 574.475318] ? __die+0x23/0x70 <4[ 574.475329] ? page_fault_oops+0x180/0x4c0 <4[ 574.475339] ? skb_pp_cow_data+0x34c/0x490 <4[ 574.475346] ? kmem_cache_free+0x257/0x280 <4[ 574.475357] ? exc_page_fault+0x67/0x150 <4[ 574.475368] ? asm_exc_page_fault+0x26/0x30 <4[ 574.475381] ? bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c <4[ 574.475386] bq_xmit_all+0x158/0x420 <4[ 574.475397] __dev_flush+0x30/0x90 <4[ 574.475407] veth_poll+0x216/0x250 [veth] <4[ 574.475421] __napi_poll+0x28/0x1c0 <4[ 574.475430] net_rx_action+0x32d/0x3a0 <4[ 574.475441] handle_softirqs+0xcb/0x2c0 <4[ 574.475451] do_softirq+0x40/0x60 <4[ 574.475458] <4[ 574.475461] <4[ 574.475464] __local_bh_enable_ip+0x66/0x70 <4[ 574.475471] __dev_queue_xmit+0x268/0xe40 <4[ 574.475480] ? selinux_ip_postroute+0x213/0x420 <4[ 574.475491] ? alloc_skb_with_frags+0x4a/0x1d0 <4[ 574.475502] ip6_finish_output2+0x2be/0x640 <4[ 574.475512] ? nf_hook_slow+0x42/0xf0 <4[ 574.475521] ip6_finish_output+0x194/0x300 <4[ 574.475529] ? __pfx_ip6_finish_output+0x10/0x10 <4[ 574.475538] mld_sendpack+0x17c/0x240 <4[ 574.475548] mld_ifc_work+0x192/0x410 <4[ 574.475557] process_one_work+0x15d/0x380 <4[ 574.475566] worker_thread+0x29d/0x3a0 <4[ 574.475573] ? __pfx_worker_t[...]", "creation_timestamp": "2024-11-07T11:54:25.000000Z"}, {"uuid": "1280c4b5-4d5e-4cbd-9c69-28f1288c1652", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50160", "type": "seen", "source": "https://t.me/cvedetector/10069", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50160 - Linux ALSA hda poate Dereference\", \n \"Content\": \"CVE ID : CVE-2024-50160 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nALSA: hda/cs8409: Fix possible NULL dereference \n \nIf snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then \nNULL pointer dereference will occur in the next line. \n \nSince dolphin_fixups function is a hda_fixup function which is not supposed \nto return any errors, add simple check before dereference, ignore the fail. \n \nFound by Linux Verification Center (linuxtesting.org) with SVACE. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T11:54:24.000000Z"}, {"uuid": "85bc3c70-c2ca-4050-aeb1-eb5350dbe966", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50169", "type": "seen", "source": "https://t.me/cvedetector/10062", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-50169 - Virtio Transport Vsock Rx Bytes Inconsistency Vulnerability in Linux Kernel\", \n \"Content\": \"CVE ID : CVE-2024-50169 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nvsock: Update rx_bytes on read_skb() \n \nMake sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt() \ncalls are balanced (i.e. virtio_vsock_sock::rx_bytes doesn't lie) after \nvsock_transport::read_skb(). \n \nWhile here, also inform the peer that we've freed up space and it has more \ncredit. \n \nFailing to update rx_bytes after packet is dequeued leads to a warning on \nSOCK_STREAM recv(): \n \n[ 233.396654] rx_queue is empty, but rx_bytes is non-zero \n[ 233.396702] WARNING: CPU: 11 PID: 40601 at net/vmw_vsock/virtio_transport_common.c:589 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T11:54:16.000000Z"}]}