CVE-2024-50164: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's BPF verifier (CVE-2024-50164) was discovered where checkmemsize_reg() contains a flaw in handling memory access checks. The issue affects Linux kernel versions from 5.19 through 6.6.59 and 6.7 through 6.11.6. The vulnerability was reported by Lonial and received a CVSS v3.1 base score of 7.1 (HIGH) (NVD).

The vulnerability stems from an overloading of MEMUNINIT's meaning in the BPF verifier. When the register containing the size of the passed buffer doesn't have a fixed size, writes are not properly checked. This occurs because MEMUNINIT's original meaning of "the passed buffer to the BPF helper does not need to be initialized" was overloaded over time with "the passed buffer is being written to". Due to this double meaning, verifier write checks to memory are bypassed, though boundary checks remain intact (Kernel Patch).

Through this vulnerability, a BPF program can write to a map which is marked as read-only, such as .rodata global maps. This could potentially lead to unauthorized modifications of read-only memory regions (Kernel Patch).

The issue has been fixed by reverting MEMUNINIT back to its original meaning and introducing MEMWRITE as an annotation to BPF helpers to trigger proper BPF verifier checks for writing to memory. Users should upgrade to kernel version 6.6.59 or later, or 6.11.6 or later depending on their branch (Kernel Patch).