{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42106", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.175Z", "datePublished": "2024-07-30T07:46:01.865Z", "dateUpdated": "2024-11-05T09:37:31.666Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:31.666Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet_diag: Initialize pad field in struct inet_diag_req_v2\n\nKMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw\nsockets uses the pad field in struct inet_diag_req_v2 for the\nunderlying protocol. This field corresponds to the sdiag_raw_protocol\nfield in struct inet_diag_req_raw.\n\ninet_diag_get_exact_compat() converts inet_diag_req to\ninet_diag_req_v2, but leaves the pad field uninitialized. So the issue\noccurs when raw_lookup() accesses the sdiag_raw_protocol field.\n\nFix this by initializing the pad field in\ninet_diag_get_exact_compat(). Also, do the same fix in\ninet_diag_dump_compat() to avoid the similar issue in the future.\n\n[1]\nBUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline]\nBUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_lookup net/ipv4/raw_diag.c:49 [inline]\n raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable req.i created at:\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline]\n inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n\nCPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/inet_diag.c"], "versions": [{"version": "432490f9d455", "lessThan": "7094a5fd20ab", "status": "affected", "versionType": "git"}, {"version": "432490f9d455", "lessThan": "0184bf0a349f", "status": "affected", "versionType": "git"}, {"version": "432490f9d455", "lessThan": "7ef519c8efde", "status": "affected", "versionType": "git"}, {"version": "432490f9d455", "lessThan": "8366720519ea", "status": "affected", "versionType": "git"}, {"version": "432490f9d455", "lessThan": "d6f487e0704d", "status": "affected", "versionType": "git"}, {"version": "432490f9d455", "lessThan": "76965648fe68", "status": "affected", "versionType": "git"}, {"version": "432490f9d455", "lessThan": "f9b2010e8af4", "status": "affected", "versionType": "git"}, {"version": "432490f9d455", "lessThan": "61cf1c739f08", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/inet_diag.c"], "versions": [{"version": "4.10", "status": "affected"}, {"version": "0", "lessThan": "4.10", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.318", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.280", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.222", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.98", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.39", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9"}, {"url": "https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2"}, {"url": "https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4"}, {"url": "https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a"}, {"url": "https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb"}, {"url": "https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c"}, {"url": "https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051"}, {"url": "https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f"}], "title": "inet_diag: Initialize pad field in struct inet_diag_req_v2", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.551Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42106", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:17:46.157657Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:07.725Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.551Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42106", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:17:46.157657Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:14.672Z"}}], "cna": {"title": "inet_diag: Initialize pad field in struct inet_diag_req_v2", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "432490f9d455", "lessThan": "7094a5fd20ab", "versionType": "git"}, {"status": "affected", "version": "432490f9d455", "lessThan": "0184bf0a349f", "versionType": "git"}, {"status": "affected", "version": "432490f9d455", "lessThan": "7ef519c8efde", "versionType": "git"}, {"status": "affected", "version": "432490f9d455", "lessThan": "8366720519ea", "versionType": "git"}, {"status": "affected", "version": "432490f9d455", "lessThan": "d6f487e0704d", "versionType": "git"}, {"status": "affected", "version": "432490f9d455", "lessThan": "76965648fe68", "versionType": "git"}, {"status": "affected", "version": "432490f9d455", "lessThan": "f9b2010e8af4", "versionType": "git"}, {"status": "affected", "version": "432490f9d455", "lessThan": "61cf1c739f08", "versionType": "git"}], "programFiles": ["net/ipv4/inet_diag.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.10"}, {"status": "unaffected", "version": "0", "lessThan": "4.10", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.318", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.280", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.222", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.163", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.98", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.39", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.9", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/ipv4/inet_diag.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9"}, {"url": "https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2"}, {"url": "https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4"}, {"url": "https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a"}, {"url": "https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb"}, {"url": "https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c"}, {"url": "https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051"}, {"url": "https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet_diag: Initialize pad field in struct inet_diag_req_v2\n\nKMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw\nsockets uses the pad field in struct inet_diag_req_v2 for the\nunderlying protocol. This field corresponds to the sdiag_raw_protocol\nfield in struct inet_diag_req_raw.\n\ninet_diag_get_exact_compat() converts inet_diag_req to\ninet_diag_req_v2, but leaves the pad field uninitialized. So the issue\noccurs when raw_lookup() accesses the sdiag_raw_protocol field.\n\nFix this by initializing the pad field in\ninet_diag_get_exact_compat(). Also, do the same fix in\ninet_diag_dump_compat() to avoid the similar issue in the future.\n\n[1]\nBUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline]\nBUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_lookup net/ipv4/raw_diag.c:49 [inline]\n raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable req.i created at:\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline]\n inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n\nCPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:31.666Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42106", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:37:31.666Z", "dateReserved": "2024-07-29T15:50:41.175Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-30T07:46:01.865Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet_diag: Initialize pad field in struct inet_diag_req_v2\n\nKMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw\nsockets uses the pad field in struct inet_diag_req_v2 for the\nunderlying protocol. This field corresponds to the sdiag_raw_protocol\nfield in struct inet_diag_req_raw.\n\ninet_diag_get_exact_compat() converts inet_diag_req to\ninet_diag_req_v2, but leaves the pad field uninitialized. So the issue\noccurs when raw_lookup() accesses the sdiag_raw_protocol field.\n\nFix this by initializing the pad field in\ninet_diag_get_exact_compat(). Also, do the same fix in\ninet_diag_dump_compat() to avoid the similar issue in the future.\n\n[1]\nBUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline]\nBUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_lookup net/ipv4/raw_diag.c:49 [inline]\n raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable req.i created at:\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline]\n inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n\nCPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: inet_diag: inicializa el campo pad en la estructura inet_diag_req_v2 KMSAN inform\u00f3 acceso de valor uninit en raw_lookup() [1]. Diag para sockets sin formato utiliza el campo pad en struct inet_diag_req_v2 para el protocolo subyacente. Este campo corresponde al campo sdiag_raw_protocol en la estructura inet_diag_req_raw. inet_diag_get_exact_compat() convierte inet_diag_req en inet_diag_req_v2, pero deja el campo pad sin inicializar. Entonces el problema ocurre cuando raw_lookup() accede al campo sdiag_raw_protocol. Solucione este problema inicializando el campo pad en inet_diag_get_exact_compat(). Adem\u00e1s, haga la misma correcci\u00f3n en inet_diag_dump_compat() para evitar problemas similares en el futuro. [1] ERROR: KMSAN: valor uninit en raw_lookup net/ipv4/raw_diag.c:49 [en l\u00ednea] ERROR: KMSAN: valor uninit en raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71 raw_lookup net/ipv4 /raw_diag.c:49 [en l\u00ednea] raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71 raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99 inet_diag_cmd_exact+0x7d9/0x980 inet_diag_get_exact_compat net/ipv4/ inet_diag.c :1404 [en l\u00ednea] inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282 netlink_rcv_skb+0x537/0x670. c:2564 sock_diag_rcv+0x35 /0x40 net/core/sock_diag.c:297 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [en l\u00ednea] netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c :1905 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg+0x332/0x3d0 net/socket.c:745 ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585 ___sys_sendmsg+0x271/0x3b0 net/socket. c:2639 __sys_sendmsg net/socket.c:2668 [en l\u00ednea] __do_sys_sendmsg net/socket.c:2677 [en l\u00ednea] __se_sys_sendmsg net/socket.c:2675 [en l\u00ednea] __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675 x64_sys_call+0x13 5e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit se almacen\u00f3 en la memoria en: raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71 raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99 inet_diag_cmd_exact+0x7d9/0x980 inet_diag_get_exact_compat net/ipv4/inet_diag .c:1404 [en l\u00ednea] inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282 netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:256 4 calcet\u00edn_diag_rcv+0x35/0x40 net/core/sock_diag.c:297 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [en l\u00ednea] netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg+0x332/0x3d0 net/socket.c:745 ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585 ___sys_sendmsg+0x271/0x3b0 net/socket.c:263 9 __sys_sendmsg neto/ socket.c:2668 [en l\u00ednea] __do_sys_sendmsg net/socket.c:2677 [en l\u00ednea] __se_sys_sendmsg net/socket.c:2675 [en l\u00ednea] __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675 x64_sys_call+0x135e/ 0x3ce0 arch/x86 /include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f Variable local req.i creado en: inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [en l\u00ednea] inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c: 282 procesadores: 1 PID: 8888 Comm: syz-executor.6 No contaminado 6.10.0-rc4-00217-g35bb670d65fc #32 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 01/04/2014"}], "id": "CVE-2024-42106", "lastModified": "2024-07-30T13:32:45.943", "metrics": {}, "published": "2024-07-30T08:15:03.100", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: inet_diag: Initialize pad field in struct inet_diag_req_v2", "id": "2301469", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301469"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-908", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ninet_diag: Initialize pad field in struct inet_diag_req_v2\nKMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw\nsockets uses the pad field in struct inet_diag_req_v2 for the\nunderlying protocol. This field corresponds to the sdiag_raw_protocol\nfield in struct inet_diag_req_raw.\ninet_diag_get_exact_compat() converts inet_diag_req to\ninet_diag_req_v2, but leaves the pad field uninitialized. So the issue\noccurs when raw_lookup() accesses the sdiag_raw_protocol field.\nFix this by initializing the pad field in\ninet_diag_get_exact_compat(). Also, do the same fix in\ninet_diag_dump_compat() to avoid the similar issue in the future.\n[1]\nBUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline]\nBUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\nraw_lookup net/ipv4/raw_diag.c:49 [inline]\nraw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\nraw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\ninet_diag_cmd_exact+0x7d9/0x980\ninet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\ninet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\nsock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\nnetlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\nsock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\nnetlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\nnetlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\nnetlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg+0x332/0x3d0 net/socket.c:745\n____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n__sys_sendmsg net/socket.c:2668 [inline]\n__do_sys_sendmsg net/socket.c:2677 [inline]\n__se_sys_sendmsg net/socket.c:2675 [inline]\n__x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\nx64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nUninit was stored to memory at:\nraw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71\nraw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\ninet_diag_cmd_exact+0x7d9/0x980\ninet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\ninet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\nsock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\nnetlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\nsock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\nnetlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\nnetlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\nnetlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg+0x332/0x3d0 net/socket.c:745\n____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n__sys_sendmsg net/socket.c:2668 [inline]\n__do_sys_sendmsg net/socket.c:2677 [inline]\n__se_sys_sendmsg net/socket.c:2675 [inline]\n__x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\nx64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nLocal variable req.i created at:\ninet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline]\ninet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426\nsock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\nCPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42106", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42106\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42106\nhttps://lore.kernel.org/linux-cve-announce/2024073020-CVE-2024-42106-a042@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.318, kernel 5.4.280, kernel 5.10.222, kernel 5.15.163, kernel 6.1.98, kernel 6.6.39, kernel 6.9.9, kernel 6.10"}