Lucene search

LinuxCVE-2024-42082

HistoryJul 29, 2024 - 4:15 p.m.

CVE-2024-42082

2024-07-2916:15:07

CWE-770

Linux

web.nvd.nist.gov

linux kernel

xdp vulnerability

syzkaller

memory allocation

rhashtable_init

google compute engine

bios

cve

rip

call trace

linux verification center

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

EPSS

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

xdp: Remove WARN() from __xdp_reg_mem_model()

syzkaller reports a warning in __xdp_reg_mem_model().

The warning occurs only if __mem_id_init_hash_table() returns an error. It
returns the error in two cases:

memory allocation fails;
rhashtable_init() fails when some fields of rhashtable_params
struct are not initialized properly.

The second case cannot happen since there is a static const rhashtable_params
struct with valid fields. So, warning is only triggered when there is a
problem with memory allocation.

Thus, there is no sense in using WARN() to handle this error and it can be
safely removed.

WARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299

CPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299

Call Trace:
xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344
xdp_test_run_setup net/bpf/test_run.c:188 [inline]
bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377
bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267
bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240
__sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649
__do_sys_bpf kernel/bpf/syscall.c:5738 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5736 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75

Found by Linux Verification Center (linuxtesting.org) with syzkaller.

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange<4.18

linuxlinux_kernelRange4.19–5.10.221

linuxlinux_kernelRange5.11–5.15.162

linuxlinux_kernelRange5.16–6.1.97

linuxlinux_kernelRange6.2–6.6.37

linuxlinux_kernelRange6.7–6.9.8

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/core/xdp.c"
    ],
    "versions": [
      {
        "version": "8d5d88527587",
        "lessThan": "1095b8efbb13",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8d5d88527587",
        "lessThan": "1d3e3b3aa2cb",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8d5d88527587",
        "lessThan": "4e0c539ee265",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8d5d88527587",
        "lessThan": "14e51ea78b4c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8d5d88527587",
        "lessThan": "f92298b0467f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8d5d88527587",
        "lessThan": "7e9f79428372",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/core/xdp.c"
    ],
    "versions": [
      {
        "version": "4.18",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.18",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.221",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.162",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.97",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.37",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.8",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]