CVE-2024-42082
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-42082
CVE Details
| Release Date: | 2024-07-29 |
Description
In the Linux kernel, the following vulnerability has been resolved:\nxdp: Remove WARN() from __xdp_reg_mem_model()\nsyzkaller reports a warning in __xdp_reg_mem_model().\nThe warning occurs only if __mem_id_init_hash_table() returns an error. It\nreturns the error in two cases:\n1. memory allocation fails;\n2. rhashtable_init() fails when some fields of rhashtable_params\nstruct are not initialized properly.\nThe second case cannot happen since there is a static const rhashtable_params\nstruct with valid fields. So, warning is only triggered when there is a\nproblem with memory allocation.\nThus, there is no sense in using WARN() to handle this error and it can be\nsafely removed.\nWARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\nCPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\nCall Trace:\nxdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344\nxdp_test_run_setup net/bpf/test_run.c:188 [inline]\nbpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377\nbpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267\nbpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240\n__sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649\n__do_sys_bpf kernel/bpf/syscall.c:5738 [inline]\n__se_sys_bpf kernel/bpf/syscall.c:5736 [inline]\n__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736\ndo_syscall_64+0xfb/0x240\nentry_SYSCALL_64_after_hwframe+0x6d/0x75\nFound by Linux Verification Center (linuxtesting.org) with syzkaller.
See more information about CVE-2024-42082 from MITRE CVE dictionary and NIST NVD
CVSS Scoring
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
| Base Score: | 5.5 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector: | Local network | Attack Complexity: | Low |
| Privileges Required: | Low | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | None |
| Integrity Impact: | None | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12618 | 2024-09-12 |
| Oracle Linux version 9 (kernel) | ELSA-2024-6567 | 2024-09-11 |
| Oracle Linux version 9 (kernel-uek) | ELSA-2024-12618 | 2024-09-12 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
