CVE-2024-42161

Summary

In the Linux kernel, the following vulnerability has been resolved:

bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD

[Changes from V1:

  • Use a default branch in the switch statement to initialize `val'.]

GCC warns that `val' may be used uninitialized in the BPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as:

[...]
unsigned long long val;						      \
[...]								      \
switch (__CORE_RELO(s, field, BYTE_SIZE)) {			      \
case 1: val = *(const unsigned char *)p; break;			      \
case 2: val = *(const unsigned short *)p; break;		      \
case 4: val = *(const unsigned int *)p; break;			      \
case 8: val = *(const unsigned long long *)p; break;		      \
    }       							      \
[...]
val;								      \
}								      \

This patch adds a default entry in the switch statement that sets `val' to zero in order to avoid the warning, and random values to be used in case __builtin_preserve_field_info returns unexpected values for BPF_FIELD_BYTE_SIZE.

Tested in bpf-next master. No regressions.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxee26dade0e3bcd8a34ae7520e373fb69365fce7a < b694989bb13ed5f166e633faa1eb0f21c6d261a6affected
LinuxLinuxee26dade0e3bcd8a34ae7520e373fb69365fce7a < 3364c2ed1c241989847f19cf83e3db903ce689e3affected
LinuxLinuxee26dade0e3bcd8a34ae7520e373fb69365fce7a < a21d76bd0b0d39518e9a4c19f6cf7c042a974affaffected
LinuxLinuxee26dade0e3bcd8a34ae7520e373fb69365fce7a < 7e5471b5efebc30dd0bc035cda86693a5c73d45faffected
LinuxLinuxee26dade0e3bcd8a34ae7520e373fb69365fce7a < ff941a8449e712eaf7efca1a13bfb9afd3d99fc2affected
LinuxLinuxee26dade0e3bcd8a34ae7520e373fb69365fce7a < 009367099eb61a4fc2af44d4eb06b6b4de7de6dbaffected
LinuxLinux5.5affected
LinuxLinux0 < 5.5unaffected
LinuxLinux5.10.222 <= 5.10.*unaffected
LinuxLinux5.15.163 <= 5.15.*unaffected
LinuxLinux6.1.98 <= 6.1.*unaffected
LinuxLinux6.6.39 <= 6.6.*unaffected
LinuxLinux6.9.9 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References