CVE-2024-42072

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-42072
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42072.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-42072
Published
2024-07-29T15:52:35Z
Modified
2025-10-22T00:19:11.352791Z
Summary
bpf: Fix may_goto with negative offset.
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix may_goto with negative offset.

Zac's syzbot crafted a bpf prog that exposed two bugs in may_goto. The 1st bug is the way may_goto is patched. When offset is negative it should be patched differently. The 2nd bug is in the verifier: when current state may_goto_depth is equal to visited state may_goto_depth it means there is an actual infinite loop. It's not correct to prune exploration of the program at this point. Note that this check doesn't limit the program to only one may_goto insn, since 2nd and any further may_goto will increment may_goto_depth only in the queued state pushed for future exploration. The current state will have may_goto_depth == 0 regardless of number of may_goto insns and the verifier has to explore the program until bpf_exit.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
011832b97b311bb9e3c27945bc0d1089a14209c9
Fixed
175827e04f4be53f3dfb57edf12d0d49b18fd939
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
011832b97b311bb9e3c27945bc0d1089a14209c9
Fixed
2b2efe1937ca9f8815884bd4dcd5b32733025103

Affected versions

v6.*

v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.8
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6
v6.9.7

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.9.0
Fixed
6.9.8