vulnerability

Red Hat: CVE-2024-50162: kernel: bpf: devmap: provide rxq after redirect (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:L/Au:M/C:N/I:N/A:C)	Nov 7, 2024	May 15, 2025	May 15, 2025

Severity

CVSS

(AV:L/AC:L/Au:M/C:N/I:N/A:C)

Published

Nov 7, 2024

Added

May 15, 2025

Modified

May 15, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: devmap: provide rxq after redirect

rxq contains a pointer to the device from where
the redirect happened. Currently, the BPF program
that was executed after a redirect via BPF_MAP_TYPE_DEVMAP*
does not have it set.

This is particularly bad since accessing ingress_ifindex, e.g.

SEC("xdp")
int prog(struct xdp_md *pkt)
{
return bpf_redirect_map(&dev_redirect_map, 0, 0);
}

SEC("xdp/devmap")
int prog_after_redirect(struct xdp_md *pkt)
{
bpf_printk("ifindex %i", pkt->ingress_ifindex);
return XDP_PASS;
}

depends on access to rxq, so a NULL pointer gets dereferenced:

8b 52 00 8b 92 e0 00 00 00 48 bf f8 a6 d5 c4 5d a0 ff ff be 0b

---truncated---

Solution(s)

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today