CVE-2024-49987: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49987 affects the Linux kernel's bpftool utility, specifically related to undefined behavior in qsort(NULL, 0, ...) function calls. The vulnerability was discovered when netfilter has no entries to display, causing qsort to be called with a NULL pointer. This issue affects Linux kernel versions up to (excluding) 6.6.55, versions from 6.7 up to (excluding) 6.10.14, and versions from 6.11 up to (excluding) 6.11.3 (NVD).

The vulnerability stems from undefined behavior in the C standard's qsort function implementation. When netfilter has no entries to display, the code calls qsort(NULL, 0, ...), which according to Section 7.1.4 of the C standard constitutes undefined behavior. The issue was identified through UBSan (Undefined Behavior Sanitizer) which reported a runtime error at net.c:827:2 indicating a null pointer was passed as an argument that was declared to never be null. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to undefined behavior in the Linux kernel's bpftool utility when displaying netfilter entries. While there are no direct confidentiality or integrity impacts reported, the availability impact is rated as High according to the CVSS score, potentially affecting system stability when the vulnerable code path is triggered (NVD).

The vulnerability has been patched by adding an early return when nflinkinfo is NULL to prevent calling qsort with a NULL pointer. The fix has been implemented in the Linux kernel through multiple commits. Users should update their systems to Linux kernel versions 6.6.55, 6.10.14, or 6.11.3 or later to address this vulnerability (Kernel Patch).