{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42161", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.196Z", "datePublished": "2024-07-30T07:47:03.136Z", "dateUpdated": "2024-11-05T09:38:32.790Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:38:32.790Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD\n\n[Changes from V1:\n - Use a default branch in the switch statement to initialize `val'.]\n\nGCC warns that `val' may be used uninitialized in the\nBPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as:\n\n\t[...]\n\tunsigned long long val;\t\t\t\t\t\t \\\n\t[...]\t\t\t\t\t\t\t\t \\\n\tswitch (__CORE_RELO(s, field, BYTE_SIZE)) {\t\t\t \\\n\tcase 1: val = *(const unsigned char *)p; break;\t\t\t \\\n\tcase 2: val = *(const unsigned short *)p; break;\t\t \\\n\tcase 4: val = *(const unsigned int *)p; break;\t\t\t \\\n\tcase 8: val = *(const unsigned long long *)p; break;\t\t \\\n } \t\t\t\t\t\t\t \\\n\t[...]\n\tval;\t\t\t\t\t\t\t\t \\\n\t}\t\t\t\t\t\t\t\t \\\n\nThis patch adds a default entry in the switch statement that sets\n`val' to zero in order to avoid the warning, and random values to be\nused in case __builtin_preserve_field_info returns unexpected values\nfor BPF_FIELD_BYTE_SIZE.\n\nTested in bpf-next master.\nNo regressions."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["tools/lib/bpf/bpf_core_read.h"], "versions": [{"version": "1da177e4c3f4", "lessThan": "b694989bb13e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "3364c2ed1c24", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a21d76bd0b0d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "7e5471b5efeb", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "ff941a8449e7", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "009367099eb6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["tools/lib/bpf/bpf_core_read.h"], "versions": [{"version": "5.10.222", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.98", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.39", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b694989bb13ed5f166e633faa1eb0f21c6d261a6"}, {"url": "https://git.kernel.org/stable/c/3364c2ed1c241989847f19cf83e3db903ce689e3"}, {"url": "https://git.kernel.org/stable/c/a21d76bd0b0d39518e9a4c19f6cf7c042a974aff"}, {"url": "https://git.kernel.org/stable/c/7e5471b5efebc30dd0bc035cda86693a5c73d45f"}, {"url": "https://git.kernel.org/stable/c/ff941a8449e712eaf7efca1a13bfb9afd3d99fc2"}, {"url": "https://git.kernel.org/stable/c/009367099eb61a4fc2af44d4eb06b6b4de7de6db"}], "title": "bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.572Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b694989bb13ed5f166e633faa1eb0f21c6d261a6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3364c2ed1c241989847f19cf83e3db903ce689e3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a21d76bd0b0d39518e9a4c19f6cf7c042a974aff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7e5471b5efebc30dd0bc035cda86693a5c73d45f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ff941a8449e712eaf7efca1a13bfb9afd3d99fc2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/009367099eb61a4fc2af44d4eb06b6b4de7de6db", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42161", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:14:52.496894Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:33.542Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b694989bb13ed5f166e633faa1eb0f21c6d261a6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3364c2ed1c241989847f19cf83e3db903ce689e3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a21d76bd0b0d39518e9a4c19f6cf7c042a974aff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7e5471b5efebc30dd0bc035cda86693a5c73d45f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ff941a8449e712eaf7efca1a13bfb9afd3d99fc2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/009367099eb61a4fc2af44d4eb06b6b4de7de6db", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.572Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42161", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:14:52.496894Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.452Z"}}], "cna": {"title": "bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "b694989bb13e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "3364c2ed1c24", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a21d76bd0b0d", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "7e5471b5efeb", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "ff941a8449e7", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "009367099eb6", "versionType": "git"}], "programFiles": ["tools/lib/bpf/bpf_core_read.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.10.222", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.163", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.98", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.39", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.9", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["tools/lib/bpf/bpf_core_read.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b694989bb13ed5f166e633faa1eb0f21c6d261a6"}, {"url": "https://git.kernel.org/stable/c/3364c2ed1c241989847f19cf83e3db903ce689e3"}, {"url": "https://git.kernel.org/stable/c/a21d76bd0b0d39518e9a4c19f6cf7c042a974aff"}, {"url": "https://git.kernel.org/stable/c/7e5471b5efebc30dd0bc035cda86693a5c73d45f"}, {"url": "https://git.kernel.org/stable/c/ff941a8449e712eaf7efca1a13bfb9afd3d99fc2"}, {"url": "https://git.kernel.org/stable/c/009367099eb61a4fc2af44d4eb06b6b4de7de6db"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD\n\n[Changes from V1:\n - Use a default branch in the switch statement to initialize `val'.]\n\nGCC warns that `val' may be used uninitialized in the\nBPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as:\n\n\t[...]\n\tunsigned long long val;\t\t\t\t\t\t \\\n\t[...]\t\t\t\t\t\t\t\t \\\n\tswitch (__CORE_RELO(s, field, BYTE_SIZE)) {\t\t\t \\\n\tcase 1: val = *(const unsigned char *)p; break;\t\t\t \\\n\tcase 2: val = *(const unsigned short *)p; break;\t\t \\\n\tcase 4: val = *(const unsigned int *)p; break;\t\t\t \\\n\tcase 8: val = *(const unsigned long long *)p; break;\t\t \\\n } \t\t\t\t\t\t\t \\\n\t[...]\n\tval;\t\t\t\t\t\t\t\t \\\n\t}\t\t\t\t\t\t\t\t \\\n\nThis patch adds a default entry in the switch statement that sets\n`val' to zero in order to avoid the warning, and random values to be\nused in case __builtin_preserve_field_info returns unexpected values\nfor BPF_FIELD_BYTE_SIZE.\n\nTested in bpf-next master.\nNo regressions."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:38:32.790Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42161", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:38:32.790Z", "dateReserved": "2024-07-29T15:50:41.196Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-30T07:47:03.136Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ADFA1F9-906A-4D75-8667-7FECEF422B59", "versionEndExcluding": "5.10.222", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A97DEB09-4927-40F8-B5C6-F5BD5EAE0CFD", "versionEndExcluding": "5.15.163", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E09E92A5-27EF-40E4-926A-B1CDC8270551", "versionEndExcluding": "6.1.98", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970", "versionEndExcluding": "6.6.39", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085", "versionEndExcluding": "6.9.9", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD\n\n[Changes from V1:\n - Use a default branch in the switch statement to initialize `val'.]\n\nGCC warns that `val' may be used uninitialized in the\nBPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as:\n\n\t[...]\n\tunsigned long long val;\t\t\t\t\t\t \\\n\t[...]\t\t\t\t\t\t\t\t \\\n\tswitch (__CORE_RELO(s, field, BYTE_SIZE)) {\t\t\t \\\n\tcase 1: val = *(const unsigned char *)p; break;\t\t\t \\\n\tcase 2: val = *(const unsigned short *)p; break;\t\t \\\n\tcase 4: val = *(const unsigned int *)p; break;\t\t\t \\\n\tcase 8: val = *(const unsigned long long *)p; break;\t\t \\\n } \t\t\t\t\t\t\t \\\n\t[...]\n\tval;\t\t\t\t\t\t\t\t \\\n\t}\t\t\t\t\t\t\t\t \\\n\nThis patch adds a default entry in the switch statement that sets\n`val' to zero in order to avoid the warning, and random values to be\nused in case __builtin_preserve_field_info returns unexpected values\nfor BPF_FIELD_BYTE_SIZE.\n\nTested in bpf-next master.\nNo regressions."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Evite el valor no inicializado en BPF_CORE_READ_BITFIELD [Cambios desde V1: - Use una rama predeterminada en la instrucci\u00f3n switch para inicializar `val'.] GCC advierte que `val' puede usarse sin inicializar en la macro BPF_CRE_READ_BITFIELD, definida en bpf_core_read.h como: [...] unsigned long long val; \\ [...] \\ switch (__CORE_RELO(s, campo, BYTE_SIZE)) { \\ case 1: val = *(const unsigned char *)p; break; \\ case 2: val = *(const unsigned short *)p; break; \\ case 4: val = *(const unsigned int *)p; romper; \\ case 8: val = *(const unsigned long long *)p; break; \\ } \\ [...] val; \\ } \\ Este parche agrega una entrada predeterminada en la declaraci\u00f3n de cambio que establece `val' en cero para evitar la advertencia, y valores aleatorios que se usar\u00e1n en caso de que __builtin_preserve_field_info devuelva valores inesperados para BPF_FIELD_BYTE_SIZE. Probado en bpf-next master. Sin regresiones."}], "id": "CVE-2024-42161", "lastModified": "2024-09-25T15:54:47.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-30T08:15:07.447", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/009367099eb61a4fc2af44d4eb06b6b4de7de6db"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3364c2ed1c241989847f19cf83e3db903ce689e3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7e5471b5efebc30dd0bc035cda86693a5c73d45f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a21d76bd0b0d39518e9a4c19f6cf7c042a974aff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b694989bb13ed5f166e633faa1eb0f21c6d261a6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ff941a8449e712eaf7efca1a13bfb9afd3d99fc2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD", "id": "2301539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301539"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "status": "draft"}, "cwe": "CWE-457", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD\n[Changes from V1:\n- Use a default branch in the switch statement to initialize `val'.]\nGCC warns that `val' may be used uninitialized in the\nBPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as:\n[...]\nunsigned long long val; \\\n[...] \\\nswitch (__CORE_RELO(s, field, BYTE_SIZE)) { \\\ncase 1: val = *(const unsigned char *)p; break; \\\ncase 2: val = *(const unsigned short *)p; break; \\\ncase 4: val = *(const unsigned int *)p; break; \\\ncase 8: val = *(const unsigned long long *)p; break; \\\n} \\\n[...]\nval; \\\n} \\\nThis patch adds a default entry in the switch statement that sets\n`val' to zero in order to avoid the warning, and random values to be\nused in case __builtin_preserve_field_info returns unexpected values\nfor BPF_FIELD_BYTE_SIZE.\nTested in bpf-next master.\nNo regressions.", "A vulnerability was found in the Linux kernel in the bpf_enum_value_kind() function, where a lack of proper checks could lead to an uninitialized variable being used. This issue could lead to undefined behavior or memory corruption."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42161", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42161\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42161\nhttps://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42161-7104@gregkh/T"], "statement": "Red Hat believes this flaw to be of Moderate severity because this vulnerability impacts the core code of the BPF component. To have access to this component's functionality, a user would require elevated privileges (CAP_SYS_ADMIN). Successful exploit of this vulnerability would have a low impact on confidentiality, as a crash would not necessarily expose sensitive information.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.10.222, kernel 5.15.163, kernel 6.1.98, kernel 6.6.39, kernel 6.9.9, kernel 6.10"}