{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-42106","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-29T15:50:41.175Z","datePublished":"2024-07-30T07:46:01.865Z","dateUpdated":"2025-11-03T22:01:42.643Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:23:08.689Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ninet_diag: Initialize pad field in struct inet_diag_req_v2\n\nKMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw\nsockets uses the pad field in struct inet_diag_req_v2 for the\nunderlying protocol. This field corresponds to the sdiag_raw_protocol\nfield in struct inet_diag_req_raw.\n\ninet_diag_get_exact_compat() converts inet_diag_req to\ninet_diag_req_v2, but leaves the pad field uninitialized. So the issue\noccurs when raw_lookup() accesses the sdiag_raw_protocol field.\n\nFix this by initializing the pad field in\ninet_diag_get_exact_compat(). Also, do the same fix in\ninet_diag_dump_compat() to avoid the similar issue in the future.\n\n[1]\nBUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline]\nBUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_lookup net/ipv4/raw_diag.c:49 [inline]\n raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable req.i created at:\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline]\n inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n\nCPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv4/inet_diag.c"],"versions":[{"version":"432490f9d455fb842d70219f22d9d2c812371676","lessThan":"7094a5fd20ab66028f1da7f06e0f2692d70346f9","status":"affected","versionType":"git"},{"version":"432490f9d455fb842d70219f22d9d2c812371676","lessThan":"0184bf0a349f4cf9e663abbe862ff280e8e4dfa2","status":"affected","versionType":"git"},{"version":"432490f9d455fb842d70219f22d9d2c812371676","lessThan":"7ef519c8efde152e0d632337f2994f6921e0b7e4","status":"affected","versionType":"git"},{"version":"432490f9d455fb842d70219f22d9d2c812371676","lessThan":"8366720519ea8d322a20780debdfd23d9fc0904a","status":"affected","versionType":"git"},{"version":"432490f9d455fb842d70219f22d9d2c812371676","lessThan":"d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb","status":"affected","versionType":"git"},{"version":"432490f9d455fb842d70219f22d9d2c812371676","lessThan":"76965648fe6858db7c5f3c700fef7aa5f124ca1c","status":"affected","versionType":"git"},{"version":"432490f9d455fb842d70219f22d9d2c812371676","lessThan":"f9b2010e8af49fac9d9562146fb81744d8a9b051","status":"affected","versionType":"git"},{"version":"432490f9d455fb842d70219f22d9d2c812371676","lessThan":"61cf1c739f08190a4cbf047b9fbb192a94d87e3f","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv4/inet_diag.c"],"versions":[{"version":"4.10","status":"affected"},{"version":"0","lessThan":"4.10","status":"unaffected","versionType":"semver"},{"version":"4.19.318","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.280","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.222","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.163","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.98","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.39","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.9","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"4.19.318"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"5.4.280"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"5.10.222"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"5.15.163"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.1.98"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.6.39"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.9.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9"},{"url":"https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2"},{"url":"https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4"},{"url":"https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a"},{"url":"https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb"},{"url":"https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c"},{"url":"https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051"},{"url":"https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f"}],"title":"inet_diag: Initialize pad field in struct inet_diag_req_v2","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:01:42.643Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-42106","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T16:17:46.157657Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:07.725Z"}}]}}