CVE-2024-50253

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 09/11/2024
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Check the validity of nr_words in bpf_iter_bits_new()

Check the validity of nr_words in bpf_iter_bits_new(). Without this check, when multiplication overflow occurs for nr_bits (e.g., when nr_words = 0x0400-0001, nr_bits becomes 64), stack corruption may occur due to bpf_probe_read_kernel_common(..., nr_bytes = 0x2000-0008).

Fix it by limiting the maximum value of nr_words to 511. The value is derived from the current implementation of BPF memory allocator. To ensure compatibility if the BPF memory allocator's size limitation changes in the future, use the helper bpf_mem_alloc_check_size() to check whether nr_bytes is too large. And return -E2BIG instead of -ENOMEM for oversized nr_bytes.
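The arithmetic behind the description, as an added user-space example (not the kernel's code): it models the size calculation in 32-bit unsigned math and shows why the 511-word bound removes the wraparound. The struct, function and macro names are this example's own, and the "exactly 64 bits goes into one 8-byte slot" path is a simplifying assumption of the model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define NR_WORDS_MAX 511u /* limit from the description; macro name is this example's */

struct sizes { uint32_t nr_bytes, nr_bits; };

/* Size arithmetic in 32-bit unsigned math (assumed width): 8 bytes per
 * word, 8 bits per byte. Either product silently wraps modulo 2^32. */
static struct sizes derive_sizes(uint32_t nr_words)
{
    struct sizes s;
    s.nr_bytes = nr_words * 8u;
    s.nr_bits = s.nr_bytes * 8u;
    return s;
}

/* Modelled hazard: a bitmap that appears to be exactly 64 bits is copied
 * into one 8-byte slot, but the copy length is nr_bytes. */
static int inline_copy_overruns(uint32_t nr_words)
{
    struct sizes s = derive_sizes(nr_words);
    return s.nr_bits == 64 && s.nr_bytes > sizeof(uint64_t);
}

/* The fix described above: reject oversized nr_words before any arithmetic. */
static int check_nr_words(uint32_t nr_words)
{
    return nr_words > NR_WORDS_MAX ? -E2BIG : 0;
}

/* Count accepted values whose 32-bit nr_bits differs from the exact 64-bit result. */
static unsigned wraps_within_limit(void)
{
    unsigned bad = 0;
    for (uint32_t w = 1; w <= NR_WORDS_MAX; w++)
        bad += (uint64_t)w * 64u != derive_sizes(w).nr_bits;
    return bad;
}

int main(void)
{
    uint32_t w = 0x04000001u; /* the description's example value */
    struct sizes s = derive_sizes(w);
    printf("nr_words=%#x nr_bytes=%#x nr_bits=%u overrun=%d check=%d\n",
           w, s.nr_bytes, s.nr_bits, inline_copy_overruns(w), check_nr_words(w));
    printf("wrapped values within limit: %u\n", wraps_within_limit());
    return 0;
}
```

With the bound in place the largest accepted bitmap is 511 * 64 = 32704 bits, far below the point where a 32-bit product can wrap.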

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.11 (including) 6.11.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*