CVE-2024-43910: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel versions 6.8 and earlier (up to 6.10.5), a vulnerability (CVE-2024-43910) was discovered in the BPF subsystem. The issue allows passing a modified CONSTPTRTO_DYNPTR to a global function as an argument, which can lead to out-of-bounds memory accesses. This vulnerability was discovered and reported by Kumar Kartikeya Dwivedi (Kernel Patch).

The vulnerability stems from a missing checkfuncargregoff() validation in the BPF verifier when processing global function arguments of type ARGPTRTODYNPTR | MEMRDONLY. Additionally, the processdynptrfunc() did not perform explicit and strict type matching on the supplied register type. This allows BPF helpers to continue using modified CONSTPTRTO_DYNPTR within the global function context, potentially resulting in out-of-bounds memory accesses. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to out-of-bounds memory accesses, which can compromise overall system stability. This is evidenced by KASAN (Kernel Address Sanitizer) reports showing slab-out-of-bounds reads in the bpfdynptrdata function. The impact primarily affects system stability and could potentially be exploited to cause denial of service conditions (Kernel Patch).

The vulnerability has been patched by adding a checkfuncargregoff() validation and enforcing strict type matching in the processdynptrfunc(). Users should upgrade to kernel versions that include the fix. For Ubuntu users, the fix is available in various kernel packages including linux-azure (6.8.0-1020.23) for Ubuntu 24.04 and linux-azure (6.8.0-1020.23~22.04.1) for Ubuntu 22.04 (Ubuntu Notice).