CVE-2024-47728: In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case
Summary
A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter, a system for running safe code inside the kernel) subsystem could expose uninitialized kernel memory when certain helper functions encounter errors. The fix ensures that the values behind these pointer arguments are zeroed out when errors occur, preventing sensitive kernel data from being accidentally exposed.
Solution / Mitigation
The kernel now zeros the value of former ARG_PTR_TO_{LONG,INT} arguments (pointers to long or integer values) when non-tracing helpers return errors. Additionally, for MTU helper functions, the *mtu_len pointer value is cleared on the error path to prevent uninitialized memory from being readable.
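The zero-on-error pattern described above, as an added userspace model in C (not kernel code and not part of the original advisory). The function names and the 0x5a fill pattern are hypothetical, constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* "Before" pattern (hypothetical helper): error paths never write *res. */
static int parse_long_legacy(const char *buf, long *res)
{
    char *end;
    long v;
    errno = 0;
    v = strtol(buf, &end, 10);
    if (end == buf || *end != '\0')
        return -EINVAL;
    if (errno == ERANGE)
        return -ERANGE;
    *res = v;
    return 0;
}

/* "After" pattern: any error return also zeroes the output argument. */
static int parse_long_zeroing(const char *buf, long *res)
{
    int err = parse_long_legacy(buf, res);
    if (err)
        *res = 0;
    return err;
}

/* Constructed stand-in for data left behind in the caller's slot. */
static long stale_value(void)
{
    long v;
    memset(&v, 0x5a, sizeof(v));
    return v;
}

/* Caller that reads its slot after the call, whatever the return code. */
static long slot_after_call(int (*helper)(const char *, long *), const char *buf)
{
    long slot = stale_value();
    (void)helper(buf, &slot);
    return slot;
}

int main(void)
{
    printf("legacy=%#lx ", (unsigned long)slot_after_call(parse_long_legacy, "abc"));
    printf("zeroing=%#lx\n", (unsigned long)slot_after_call(parse_long_zeroing, "abc"));
    return 0;
}
```

With the legacy helper the caller's slot still holds the old bytes after a failed call; with the zeroing variant it always reads 0.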
Vulnerability Details
5.5 (medium)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-47728
First tracked: February 15, 2026 at 08:35 PM