CVE-2024-45020: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-45020 is a vulnerability in the Linux kernel's BPF verifier component, discovered when Daniel Hodges reported a kernel verifier crash while working with sched-ext. The issue was identified in Linux kernel versions from 6.6.15 up to (excluding) 6.6.48, and from 6.7 up to (excluding) 6.10.7, including release candidates 6.11-rc1 through 6.11-rc3 (NVD).

The vulnerability stems from an invalid memory access in the stacksafe() function of the BPF verifier. The issue occurs when comparing stack slot types between two states where 'i' iterates over old->allocated_stack. If cur->allocated_stack is less than old->allocated_stack, an out-of-bounds access occurs. The CVSS v3.1 base score is 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

The vulnerability can lead to a kernel verifier crash, potentially causing system availability issues. The CVSS scoring indicates that while there are no direct impacts on confidentiality or integrity, there is a high impact on system availability when successfully exploited (NVD).

The issue has been fixed by adding an 'i >= cur->allocated_stack' check in the stacksafe() function. When this condition is true, stacksafe() fails, preventing the out-of-bounds access. The fix has been implemented in kernel patches and is available through various distribution updates (Kernel Patch, Red Hat Advisory).