{"id":"CVE-2024-43840","summary":"bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG\n\nWhen BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls\n__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them\nthe struct bpf_tramp_image *im pointer as an argument in R0.\n\nThe trampoline generation code uses emit_addr_mov_i64() to emit\ninstructions for moving the bpf_tramp_image address into R0, but\nemit_addr_mov_i64() assumes the address to be in the vmalloc() space\nand uses only 48 bits. Because bpf_tramp_image is allocated using\nkzalloc(), its address can use more than 48-bits, in this case the\ntrampoline will pass an invalid address to __bpf_tramp_enter/exit()\ncausing a kernel crash.\n\nFix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()\nas it can work with addresses that are greater than 48-bits.","modified":"2026-04-02T12:18:20.499868Z","published":"2024-08-17T09:21:55.841Z","related":["SUSE-SU-2024:3194-1","SUSE-SU-2024:3195-1","SUSE-SU-2024:3383-1","SUSE-SU-2025:20044-1","SUSE-SU-2025:20047-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43840.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/077149478497b2f00ff4fd9da2c892defa6418d8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/19d3c179a37730caf600a97fed3794feac2b197b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6d218fcc707d6b2c3616b6cd24b948fd4825cfec"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d9664e6ff040798a46cdc5d401064f55b8676c83"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43840.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43840"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"efc9909fdce00a827a37609628223cd45bf95d0b"},{"fixed":"077149478497b2f00ff4fd9da2c892defa6418d8"},{"fixed":"d9664e6ff040798a46cdc5d401064f55b8676c83"},{"fixed":"6d218fcc707d6b2c3616b6cd24b948fd4825cfec"},{"fixed":"19d3c179a37730caf600a97fed3794feac2b197b"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43840.json"}}],"schema_version":"1.7.5"}