CVE-2024-50253: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) subsystem has been identified as CVE-2024-50253. The issue affects the bpf_iter_bits_new() function, where insufficient validation of nr_words parameter could lead to security issues. This vulnerability affects Linux kernel versions from 6.11 up to (excluding) 6.11.7, and various release candidates of version 6.12 (rc1 through rc5) (NVD).

The vulnerability stems from a lack of proper validation in the bpf_iter_bits_new() function. When multiplication overflow occurs for nr_bits (for example, when nr_words = 0x0400-0001, nr_bits becomes 64), stack corruption may occur due to bpf_probe_read_kernel_common with nr_bytes = 0x2000-0008. The issue has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

The vulnerability could lead to stack corruption in the Linux kernel, potentially resulting in system crashes or other undefined behavior. The CVSS scoring indicates that while the vulnerability requires local access and low privileges, it can cause high impact to system availability (NVD).

A fix has been implemented by limiting the maximum value of nr_words to 511, derived from the current implementation of the BPF memory allocator. The patch also adds a check using bpf_mem_alloc_check_size() to ensure compatibility with future changes in the BPF memory allocator's size limitations. The fix returns -E2BIG instead of -ENOMEM for oversized nr_bytes (Kernel Patch).