Overview
About vulnerability
In the Linux kernel, the following vulnerability has been resolved:
bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
[Changes from V1:
- Use a default branch in the switch statement to initialize `val'.]
GCC warns that `val' may be used uninitialized in the BPF_CORE_READ_BITFIELD macro, defined in bpf_core_read.h as:
[…]
unsigned long long val;
[…]
switch (__CORE_RELO(s, field, BYTE_SIZE)) {
case 1: val = *(const unsigned char *)p; break;
case 2: val = *(const unsigned short *)p; break;
case 4: val = *(const unsigned int *)p; break;
case 8: val = *(const unsigned long long *)p; break;
}
[…]
val;
} \
This patch adds a default entry in the switch statement that sets `val' to zero in order to avoid the warning, and random values to be used in case __builtin_preserve_field_info returns unexpected values for BPF_FIELD_BYTE_SIZE.
Tested in bpf-next master. No regressions.
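As an added illustration (not code from the kernel tree or from this page), the following userspace C model shows the patched control flow: the load switch with its default branch, followed by the shift step that libbpf's macro applies after the load. The names `field_reloc`, `read_bitfield` and `sample` are hypothetical, and the values that `__CORE_RELO` would supply are filled in by hand for a little-endian bit layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the values the CO-RE relocations supply. */
struct field_reloc {
    unsigned byte_offset; /* offset of the storage unit holding the field */
    unsigned byte_size;   /* expected to be 1, 2, 4 or 8 */
    unsigned lshift;      /* left shift applied to the 64-bit value */
    unsigned rshift;      /* right shift applied to the 64-bit value */
    int is_signed;        /* sign-extend the result when non-zero */
};

/* Constructed sample bytes: 0xB5 and 0xD5 each hold a 3-bit field in bits 4..6. */
static const unsigned char sample[8] = {0x00, 0xB5, 0xD5, 0x00, 0xAA, 0xAA, 0xAA, 0xAA};

/* Model of the patched read: every path assigns val before it is used. */
static uint64_t read_bitfield(const void *base, struct field_reloc r)
{
    const unsigned char *p = (const unsigned char *)base + r.byte_offset;
    uint64_t val;
    uint8_t b; uint16_t h; uint32_t w;

    switch (r.byte_size) {
    case 1: memcpy(&b, p, 1); val = b; break;
    case 2: memcpy(&h, p, 2); val = h; break;
    case 4: memcpy(&w, p, 4); val = w; break;
    case 8: memcpy(&val, p, 8); break;
    default: val = 0; break; /* the branch the patch adds */
    }
    val <<= r.lshift;
    if (r.is_signed)
        return (uint64_t)((int64_t)val >> r.rshift);
    return val >> r.rshift;
}

int main(void)
{
    struct field_reloc ok  = {1, 1, 57, 61, 0}; /* 3-bit unsigned field */
    struct field_reloc neg = {2, 1, 57, 61, 1}; /* same layout, signed */
    struct field_reloc bad = {1, 3, 57, 61, 0}; /* unexpected byte size */

    printf("unsigned field: %llu\n", (unsigned long long)read_bitfield(sample, ok));
    printf("signed field:   %lld\n", (long long)read_bitfield(sample, neg));
    printf("bad byte size:  %llu\n", (unsigned long long)read_bitfield(sample, bad));
    return 0;
}
```

Without the `default` branch, the third call would shift and return whatever happened to be in `val`; with it, an unexpected size yields a deterministic 0.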
Details
- Affected product:
- AlmaLinux 9.2 ESU, CentOS 6 ELS, CentOS 7 ELS, CentOS 8.4 ELS, CentOS 8.5 ELS, CentOS Stream 8 ELS, CloudLinux 6 ELS, CloudLinux 7 ELS, Oracle Linux 6 ELS, Oracle Linux 7 ELS, RHEL 7 ELS, Ubuntu 16.04 ELS, Ubuntu 18.04 ELS
- Affected packages:
- linux-hwe @ 4.15.0 (+15 more)