{"id":"CVE-2024-49850","summary":"bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos\n\nIn case of malformed relocation record of kind BPF_CORE_TYPE_ID_LOCAL\nreferencing a non-existing BTF type, function bpf_core_calc_relo_insn\nwould cause a null pointer deference.\n\nFix this by adding a proper check upper in call stack, as malformed\nrelocation records could be passed from user space.\n\nSimplest reproducer is a program:\n\n    r0 = 0\n    exit\n\nWith a single relocation record:\n\n    .insn_off = 0,          /* patch first instruction */\n    .type_id = 100500,      /* this type id does not exist */\n    .access_str_off = 6,    /* offset of string \"0\" */\n    .kind = BPF_CORE_TYPE_ID_LOCAL,\n\nSee the link for original reproducer or next commit for a test case.","modified":"2026-04-02T12:21:03.339141Z","published":"2024-10-21T12:18:44.098Z","related":["MGASA-2024-0344","MGASA-2024-0345","SUSE-SU-2024:3984-1","SUSE-SU-2024:3986-1","SUSE-SU-2024:4315-1","SUSE-SU-2024:4318-1","SUSE-SU-2024:4364-1","SUSE-SU-2024:4376-1","SUSE-SU-2024:4387-1","SUSE-SU-2025:20163-1","SUSE-SU-2025:20164-1","SUSE-SU-2025:20246-1","SUSE-SU-2025:20247-1","USN-7276-1","USN-7277-1","openSUSE-SU-2024:14500-1","openSUSE-SU-2025:14705-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49850.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2288b54b96dcb55bedebcef3572bb8821fc5e708"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3d2786d65aaa954ebd3fcc033ada433e10da21c4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/584cd3ff792e1edbea20b2a7df55897159b0be3e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dc7ce14f00bcd50641f2110b7a32aa6552e0780f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e7e9c5b2dda29067332df2a85b0141a92b41f218"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49850.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49850"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"74753e1462e77349525daf9eb60ea21ed92d3a97"},{"fixed":"dc7ce14f00bcd50641f2110b7a32aa6552e0780f"},{"fixed":"2288b54b96dcb55bedebcef3572bb8821fc5e708"},{"fixed":"584cd3ff792e1edbea20b2a7df55897159b0be3e"},{"fixed":"e7e9c5b2dda29067332df2a85b0141a92b41f218"},{"fixed":"3d2786d65aaa954ebd3fcc033ada433e10da21c4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49850.json"}}],"schema_version":"1.7.5"}