Bug 2313112 (CVE-2024-46764)

Summary: CVE-2024-46764 kernel: bpf: add check for invalid name in btf_name_valid_section()
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: dfreiber, drow, jburrell, vkumar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2313239    
Bug Blocks:    

Description OSIDB Bzimport 2024-09-18 08:22:08 UTC 
In the Linux kernel, the following vulnerability has been resolved:

bpf: add check for invalid name in btf_name_valid_section()

If the length of the name string is 1 and the value of name[0] is NULL
byte, an OOB vulnerability occurs in btf_name_valid_section() and the
return value is true, so the invalid name passes the check.

To solve this, you need to check if the first position is NULL byte and
if the first character is printable.
Comment 1 Michal Findra 2024-09-18 10:45:44 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46764-2d5c@gregkh/T