CVE-2024-42063 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode

syzbot reported uninit memory usages during map_{lookup,delete}_elem.

==========
BUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]
BUG: KMSAN: uninit-value in dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796
__dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]
dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796
____bpf_map_lookup_elem kernel/bpf/helpers.c:42 [inline]
bpf_map_lookup_elem+0x5c/0x80 kernel/bpf/helpers.c:38
___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997
__bpf_prog_run256+0xb5/0xe0 kernel/bpf/core.c:2237
==========

The reproducer should be in the interpreter mode.

The C reproducer is trying to run the following bpf prog:

0: (18) r0 = 0x0
2: (18) r1 = map[id:49]
4: (b7) r8 = 16777216
5: (7b) *(u64 *)(r10 -8) = r8
6: (bf) r2 = r10
7: (07) r2 += -229
^^^^^^^^^^

8: (b7) r3 = 8
9: (b7) r4 = 0
10: (85) call dev_map_lookup_elem#1543472
11: (95) exit

It is due to the "void *key" (r2) passed to the helper. bpf allows uninit
stack memory access for bpf prog with the right privileges. This patch
uses kmsan_unpoison_memory() to mark the stack as initialized.

This should address different syzbot reports on the uninit "void *key"
argument during map_{lookup,delete}_elem.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00023.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-4008-1	linux-6.1 security update
Ubuntu USN	USN-7089-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7089-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7089-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7089-4	Linux kernel vulnerabilities
Ubuntu USN	USN-7089-5	Linux kernel vulnerabilities
Ubuntu USN	USN-7089-6	Linux kernel vulnerabilities
Ubuntu USN	USN-7089-7	Linux kernel (Low Latency) vulnerabilities
Ubuntu USN	USN-7090-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7095-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7156-1	Linux kernel (GKE) vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/3189983c26108cf0990e5c46856dc9feb9470d12
https://git.kernel.org/stable/c/b30f3197a6cd080052d5d4973f9a6b479fd9fff5
https://git.kernel.org/stable/c/d812ae6e02bd6e6a9cd1fdb09519c2f33e875faf
https://git.kernel.org/stable/c/e8742081db7d01f980c6161ae1e8a1dbc1e30979
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lore.kernel.org/linux-cve-announce/2024072950-CVE-2024-42063-d3a5@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-42063
https://www.cve.org/CVERecord?id=CVE-2024-42063

History

Mon, 03 Nov 2025 22:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 05 Sep 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-908
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Mon, 19 Aug 2024 22:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-120
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-29T15:52:28.533Z

Updated: 2025-11-03T22:01:03.937Z

Reserved: 2024-07-29T15:50:41.166Z

Link: CVE-2024-42063

Vulnrichment

Updated: 2024-08-02T04:54:31.920Z

NVD

Status : Modified

Published: 2024-07-29T16:15:06.053

Modified: 2025-11-03T22:17:34.690

Link: CVE-2024-42063

Redhat

Severity : Low

Publid Date: 2024-07-29T00:00:00Z

Links: CVE-2024-42063 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object