CVE-2024-47702: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability has been identified in the Linux kernel's BPF (Berkeley Packet Filter) subsystem, tracked as CVE-2024-47702. The issue was discovered when syzbot reported a kernel crash related to sign-extension of 32-bit load for packet data/data_end/data_meta uapi field. This vulnerability affects Linux kernel versions from 6.6 up to (excluding) 6.10.13 and from 6.11 up to (excluding) 6.11.2 (NVD).

The vulnerability stems from improper handling of sign-extension in BPF verification. When loading __sk_buff->data with 32-bit sign extension, the verification and convert_ctx_accesses() process generates assembly code that includes an unsafe sign extension operation (r2 = (s32)r2), which can potentially make the kernel __sk_buff->data address invalid. The issue specifically occurs in the context of packet data, data_end, and data_meta access operations (Kernel Patch).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The primary impact is potential kernel crashes, leading to denial of service conditions when processing certain BPF programs (NVD).

The issue has been fixed by adding additional checking in the is_valid_access() callback function for packet data/data_end/data_meta access. The fix prevents verification of accesses with sign-extension for these fields. Users should upgrade to Linux kernel versions 6.10.13, 6.11.2, or later to address this vulnerability (Kernel Patch).