CVE-2024-50254

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/11/2024
Last modified:
01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Free dynamically allocated bits in bpf_iter_bits_destroy()

bpf_iter_bits_destroy() uses "kit->nr_bits bit to kit->nr_bits instead of setting kit->nr_bits to zero when the iteration completes in bpf_iter_bits_next(). In addition, use "!nr_bits || bits >= nr_bits" to check whether the iteration is complete and still use "nr_bits > 64" to indicate whether bits are dynamically allocated. The "!nr_bits" check is necessary because bpf_iter_bits_new() may fail before setting kit->nr_bits, and this condition will stop the iteration early instead of accessing the zeroed or freed kit->bits.

Considering the initial value of kit->bits is -1 and the type of kit->nr_bits is unsigned int, change the type of kit->nr_bits to int. The potential overflow problem will be handled in the following patch.
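The lifetime problem in the description, as an added userspace C model (not the kernel's code and not part of the advisory): when completion zeroes `nr_bits`, the "nr_bits > 64" test in destroy no longer sees the heap buffer, while parking the position at `nr_bits` keeps it visible. The `kit_model` struct, its `bit` position field, the function names, the `fixed` switch and the one-position-per-call walk are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Userspace model, not kernel code; names other than nr_bits/bits are assumptions. */
struct kit_model { uint64_t *bits; int nr_bits; int bit; };

static int kit_new(struct kit_model *kit, int nr_bits) {
    *kit = (struct kit_model){ .bits = NULL, .nr_bits = 0, .bit = -1 };
    if (nr_bits <= 0)
        return -1;                    /* fails before nr_bits is set */
    if (nr_bits > 64)                 /* only large bitmaps use the heap */
        kit->bits = calloc((nr_bits + 63) / 64, sizeof(uint64_t));
    if (nr_bits > 64 && !kit->bits)
        return -1;
    kit->nr_bits = nr_bits;
    return 0;
}

static int kit_next(struct kit_model *kit, int fixed) {
    if (!kit->nr_bits || kit->bit >= kit->nr_bits)
        return -1;                    /* completion check from the fix */
    if (++kit->bit < kit->nr_bits)
        return kit->bit;
    if (fixed)
        kit->bit = kit->nr_bits;      /* nr_bits survives for destroy */
    else
        kit->nr_bits = 0;             /* pre-fix: allocation marker lost */
    return -1;
}

static void kit_destroy(struct kit_model *kit) {
    if (kit->nr_bits > 64) {          /* "nr_bits > 64": bits is on the heap */
        free(kit->bits);
        kit->bits = NULL;
    }
}

/* Returns 1 if the heap buffer outlives new, full iteration and destroy. */
static int leaks_buffer(int nr_bits, int fixed) {
    struct kit_model kit;
    if (kit_new(&kit, nr_bits) == 0)
        while (kit_next(&kit, fixed) >= 0) { }
    kit_destroy(&kit);
    return kit.bits != NULL;
}

int main(void) {
    printf("leak pre-fix=%d fixed=%d\n", leaks_buffer(128, 0), leaks_buffer(128, 1));
    return 0;
}
```

Bitmaps of 64 bits or fewer never allocate in this model, so only iterators over larger bitmaps show the difference.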

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.11 (including) 6.11.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*