exploitDog

CVE-2024-42161

Published: 30 Jul 2024
Source: redhat
CVSS3: 6.3
EPSS: Low

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD

[Changes from V1:

  • Use a default branch in the switch statement to initialize `val'.]

GCC warns that `val' may be used uninitialized in the BPF_CORE_READ_BITFIELD macro, defined in bpf_core_read.h as:

    [...]
    unsigned long long val;
    [...]
    switch (__CORE_RELO(s, field, BYTE_SIZE)) {
    case 1: val = *(const unsigned char *)p; break;
    case 2: val = *(const unsigned short *)p; break;
    case 4: val = *(const unsigned int *)p; break;
    case 8: val = *(const unsigned long long *)p; break;
    }
    [...]
    val;
    }

This patch adds a default entry in the switch statement that sets `val' to zero in order to avoid the warning, and random values to be used in case __builtin_preserve_field_info returns unexpected values for BPF_FIELD_BYTE_SIZE.

Tested in bpf-next master. No regressions.

A vulnerability was found in the Linux kernel in the bpf_enum_value_kind() function, where a lack of proper checks could lead to an uninitialized variable being used. This issue could lead to undefined behavior or memory corruption.
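An added example, not code from the kernel or from this advisory: a user-space C model of the size-dispatched load described above, showing what the default branch changes when the byte size is not 1, 2, 4 or 8. The function names, the STALE_BITS constant and the 4-bit field layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the indeterminate contents of an uninitialized
 * `val`; reading a truly uninitialized variable is undefined behaviour,
 * so the stale bits are modelled with a fixed value. */
#define STALE_BITS 0xDEADBEEFCAFEF70DULL

/* Hypothetical model of the size-dispatched load. byte_size stands in for
 * __CORE_RELO(s, field, BYTE_SIZE); has_default selects the patched (1)
 * or pre-patch (0) form of the switch. */
static unsigned long long load_sized(const void *p, unsigned byte_size,
                                     int has_default)
{
    unsigned long long val = STALE_BITS;
    unsigned char b; unsigned short h; unsigned int w; unsigned long long d;

    switch (byte_size) {
    case 1: memcpy(&b, p, sizeof b); val = b; break;
    case 2: memcpy(&h, p, sizeof h); val = h; break;
    case 4: memcpy(&w, p, sizeof w); val = w; break;
    case 8: memcpy(&d, p, sizeof d); val = d; break;
    default:
        if (has_default)
            val = 0;        /* the branch the patch adds */
        break;              /* pre-patch: val keeps the stale bits */
    }
    return val;
}

/* Assumed follow-up step: isolate a 4-bit field at bit offset 8 by
 * shifting left, then right, within the 64-bit value. */
static unsigned long long demo_field(unsigned byte_size, int has_default)
{
    unsigned long long storage = 0xA50;  /* constructed: field holds 0xA */
    unsigned long long val = load_sized(&storage, byte_size, has_default);

    val <<= 64 - (8 + 4);
    val >>= 64 - 4;
    return val;
}

int main(void)
{
    printf("size 8, patched:   0x%llx\n", demo_field(8, 1));
    printf("size 3, pre-patch: 0x%llx\n", demo_field(3, 0));
    printf("size 3, patched:   0x%llx\n", demo_field(3, 1));
    return 0;
}
```

With an unexpected size, the pre-patch form returns a field value derived from the stale bits, while the patched form returns a deterministic zero.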

Statement

Red Hat believes this flaw to be of Moderate severity because this vulnerability impacts the core code of the BPF component. To have access to this component's functionality, a user would require elevated privileges (CAP_SYS_ADMIN). Successful exploit of this vulnerability would have a low impact on confidentiality, as a crash would not necessarily expose sensitive information.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

Platform                      Package      State                   Recommendation   Release
Red Hat Enterprise Linux 6    kernel       Out of support scope
Red Hat Enterprise Linux 7    kernel       Out of support scope
Red Hat Enterprise Linux 7    kernel-rt    Out of support scope
Red Hat Enterprise Linux 8    kernel       Will not fix
Red Hat Enterprise Linux 8    kernel-rt    Will not fix
Red Hat Enterprise Linux 9    kernel       Will not fix
Red Hat Enterprise Linux 9    kernel-rt    Will not fix

Additional information

Status: Moderate
Defect: CWE-457
https://bugzilla.redhat.com/show_bug.cgi?id=2301539 kernel: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD

EPSS: 0.00053 (Low), percentile: 17%

CVSS3: 6.3 Medium

Related vulnerabilities

CVSS3: 6.3
ubuntu
11 months ago

CVSS3: 6.3
nvd
11 months ago

CVSS3: 6.3
msrc
10 months ago

No description available

CVSS3: 6.3
debian
11 months ago

CVSS3: 7.8
github
11 months ago
