{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-42063","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-29T15:50:41.166Z","datePublished":"2024-07-29T15:52:28.533Z","dateUpdated":"2026-01-05T10:51:28.884Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-01-05T10:51:28.884Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode\n\nsyzbot reported uninit memory usages during map_{lookup,delete}_elem.\n\n==========\nBUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]\nBUG: KMSAN: uninit-value in dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796\n__dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]\ndev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796\n____bpf_map_lookup_elem kernel/bpf/helpers.c:42 [inline]\nbpf_map_lookup_elem+0x5c/0x80 kernel/bpf/helpers.c:38\n___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997\n__bpf_prog_run256+0xb5/0xe0 kernel/bpf/core.c:2237\n==========\n\nThe reproducer should be in the interpreter mode.\n\nThe C reproducer is trying to run the following bpf prog:\n\n    0: (18) r0 = 0x0\n    2: (18) r1 = map[id:49]\n    4: (b7) r8 = 16777216\n    5: (7b) *(u64 *)(r10 -8) = r8\n    6: (bf) r2 = r10\n    7: (07) r2 += -229\n            ^^^^^^^^^^\n\n    8: (b7) r3 = 8\n    9: (b7) r4 = 0\n   10: (85) call dev_map_lookup_elem#1543472\n   11: (95) exit\n\nIt is due to the \"void *key\" (r2) passed to the helper. bpf allows uninit\nstack memory access for bpf prog with the right privileges. This patch\nuses kmsan_unpoison_memory() to mark the stack as initialized.\n\nThis should address different syzbot reports on the uninit \"void *key\"\nargument during map_{lookup,delete}_elem."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/bpf/core.c"],"versions":[{"version":"bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8","lessThan":"b30f3197a6cd080052d5d4973f9a6b479fd9fff5","status":"affected","versionType":"git"},{"version":"bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8","lessThan":"d812ae6e02bd6e6a9cd1fdb09519c2f33e875faf","status":"affected","versionType":"git"},{"version":"bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8","lessThan":"3189983c26108cf0990e5c46856dc9feb9470d12","status":"affected","versionType":"git"},{"version":"bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8","lessThan":"e8742081db7d01f980c6161ae1e8a1dbc1e30979","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/bpf/core.c"],"versions":[{"version":"3.15","status":"affected"},{"version":"0","lessThan":"3.15","status":"unaffected","versionType":"semver"},{"version":"6.1.97","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.37","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.8","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"6.1.97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"6.6.37"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"6.9.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/b30f3197a6cd080052d5d4973f9a6b479fd9fff5"},{"url":"https://git.kernel.org/stable/c/d812ae6e02bd6e6a9cd1fdb09519c2f33e875faf"},{"url":"https://git.kernel.org/stable/c/3189983c26108cf0990e5c46856dc9feb9470d12"},{"url":"https://git.kernel.org/stable/c/e8742081db7d01f980c6161ae1e8a1dbc1e30979"}],"title":"bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/b30f3197a6cd080052d5d4973f9a6b479fd9fff5","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d812ae6e02bd6e6a9cd1fdb09519c2f33e875faf","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3189983c26108cf0990e5c46856dc9feb9470d12","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e8742081db7d01f980c6161ae1e8a1dbc1e30979","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:01:03.937Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-42063","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T16:20:09.278781Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:08.514Z"}}]}}