In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid splat in pskb_pull_reason syzkaller builds (CONFIG_DEBUG_NET=y) frequently trigger a debug hint in pskb_may_pull. We\'d like to retain this debug check because it might hint at integer overflows and other issues (kernel code should pull headers, not huge value). In bpf case, this splat isn\'t interesting at all: such (nonsensical) bpf programs are typically generated by a fuzzer anyway. Do what Eric suggested and suppress such warning. For CONFIG_DEBUG_NET=n we don\'t need the extra check because pskb_may_pull will do the right thing: return an error without the WARN() backtrace.
Find out more about CVE-2024-40996 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
| Product Name | Status | Defect | Fixed | Downloads |
|---|---|---|---|---|
| Linux | ||||
| Wind River Linux LTS 17 | Requires LTSS | -- | -- | -- |
| Wind River Linux 8 | Requires LTSS | -- | -- | -- |
| Wind River Linux 9 | Requires LTSS | -- | -- | -- |
| Wind River Linux 7 | Requires LTSS | -- | -- | -- |
| Wind River Linux LTS 21 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 22 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 18 | Requires LTSS | -- | -- | -- |
| Wind River Linux LTS 19 | Not Vulnerable | -- | -- | -- |
| Wind River Linux CD release | N/A | -- | -- | -- |
| Wind River Linux 6 | Requires LTSS | -- | -- | -- |
| Wind River Linux LTS 23 | Fixed |
LIN1023-7126 |
10.23.30.12 | -- |
| Wind River Linux LTS 24 | Not Vulnerable |
LIN1024-2795 |
-- | -- |
| VxWorks | ||||
| VxWorks 7 | Not Vulnerable | -- | -- | -- |
| VxWorks 6.9 (End-of-Life) | Not Vulnerable | -- | -- | -- |
| Helix Virtualization Platform Cert Edition | ||||
| Helix Virtualization Platform Cert Edition | Not Vulnerable | -- | -- | -- |
| eLxr | ||||
| eLxr 12 | Fixed | -- | 6.1.99-1 | -- |
| Wind River Studio Cloud Platform | ||||
| Product Name | Status | Defect | Fixed | Downloads |
|---|
