CVE-2024-42161
Published: Jul 30, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD [Changes from V1: - Use a default branch in the switch statement to initialize `val'.] GCC warns that `val' may be used uninitialized in the BPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as: [...] unsigned long long val; \ [...] \ switch (__CORE_RELO(s, field, BYTE_SIZE)) { \ case 1: val = *(const unsigned char *)p; break; \ case 2: val = *(const unsigned short *)p; break; \ case 4: val = *(const unsigned int *)p; break; \ case 8: val = *(const unsigned long long *)p; break; \ } \ [...] val; \ } \ This patch adds a default entry in the switch statement that sets `val' to zero in order to avoid the warning, and random values to be used in case __builtin_preserve_field_info returns unexpected values for BPF_FIELD_BYTE_SIZE. Tested in bpf-next master. No regressions.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected ee26dade0e3bcd8a34ae7520e373fb69365fce7a - < b694989bb13ed5f166e633faa1eb0f21c6d261a6affected ee26dade0e3bcd8a34ae7520e373fb69365fce7a - < 3364c2ed1c241989847f19cf83e3db903ce689e3affected ee26dade0e3bcd8a34ae7520e373fb69365fce7a - < a21d76bd0b0d39518e9a4c19f6cf7c042a974affaffected ee26dade0e3bcd8a34ae7520e373fb69365fce7a - < 7e5471b5efebc30dd0bc035cda86693a5c73d45faffected ee26dade0e3bcd8a34ae7520e373fb69365fce7a - < ff941a8449e712eaf7efca1a13bfb9afd3d99fc2+1 more versions |
Linux | Linux | affected 5.5unaffected 0 - < 5.5unaffected 5.10.222 - <= 5.10.*unaffected 5.15.163 - <= 5.15.*unaffected 6.1.98 - <= 6.1.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now