CVE-2024-47702: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability has been identified in the Linux kernel's BPF (Berkeley Packet Filter) subsystem, tracked as CVE-2024-47702. The issue was discovered when syzbot reported a kernel crash related to sign-extension of 32-bit load for packet data/dataend/datameta uapi field. This vulnerability affects Linux kernel versions from 6.6 up to (excluding) 6.10.13 and from 6.11 up to (excluding) 6.11.2 (NVD).

The vulnerability stems from improper handling of sign-extension in BPF verification. When loading skbuff->data with 32-bit sign extension, the verification and convertctx_accesses() process generates assembly code that includes an unsafe sign extension operation (r2 = (s32)r2), which can potentially make the kernel skbuff->data address invalid. The issue specifically occurs in the context of packet data, dataend, and data_meta access operations (Kernel Patch).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The primary impact is potential kernel crashes, leading to denial of service conditions when processing certain BPF programs (NVD).

The issue has been fixed by adding additional checking in the isvalidaccess() callback function for packet data/dataend/datameta access. The fix prevents verification of accesses with sign-extension for these fields. Users should upgrade to Linux kernel versions 6.10.13, 6.11.2, or later to address this vulnerability (Kernel Patch).