In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix may_goto with negative offset.
Zac's syzbot crafted a bpf prog that exposed two bugs in may_goto. The 1st bug is the way may_goto is patched. When offset is negative it should be patched differently. The 2nd bug is in the verifier: when current state may_goto_depth is equal to visited state may_goto_depth it means there is an actual infinite loop. It's not correct to prune exploration of the program at this point. Note, that this check doesn't limit the program to only one may_goto insn, since 2nd and any further may_goto will increment may_goto_depth only in the queued state pushed for future exploration. The current state will have may_goto_depth == 0 regardless of number of may_goto insns and the verifier has to explore the program until bpf_exit.
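The first bug is easiest to see by modelling the rewrite the verifier performs on a `may_goto` instruction and checking where the emitted conditional branch lands. The model below is an added illustration, not the kernel's own code: it assumes a four-instruction expansion (load the loop counter, `jeq` to the original target when the counter is zero, decrement, store back), BPF's relative-jump rule `target = pc + 1 + off`, and two offset formulas, a "buggy" one that applies `off + 2` unconditionally and a "fixed" one that uses `off - 1` for negative offsets. Instruction names other than `may_goto`/`jeq` and the two sample programs are constructed.

```python
from dataclasses import dataclass

@dataclass
class Insn:
    op: str        # mnemonic; only "may_goto" and "jeq" carry meaning here
    off: int = 0   # BPF relative offset: target = pc + 1 + off

PATCH_LEN = 4      # assumed: ldx counter, jeq, sub, stx

def target(pc: int, off: int) -> int:
    """Absolute index a relative BPF jump at pc resolves to."""
    return pc + 1 + off

def buggy_off(off: int) -> int:
    """Unconditional formula: correct only for forward (off >= 0) jumps."""
    return off + 2

def fixed_off(off: int) -> int:
    """Forward targets shift by the 3 inserted insns; backward ones do not,
    but the jeq now sits one slot after the original may_goto."""
    return off + 2 if off >= 0 else off - 1

def expand_may_goto(prog: list[Insn], idx: int, off_fn) -> list[Insn]:
    """Replace prog[idx] (a may_goto) with the 4-insn patch."""
    insn = prog[idx]
    if insn.op != "may_goto":
        raise ValueError(f"insn {idx} is not a may_goto")
    patch = [Insn("ldx"), Insn("jeq", off_fn(insn.off)), Insn("sub"), Insn("stx")]
    return prog[:idx] + patch + prog[idx + 1:]

def jeq_target_matches(prog: list[Insn], idx: int, off_fn) -> bool:
    """True if the emitted jeq resolves to the same instruction the original
    may_goto targeted, after accounting for the shift of later insns."""
    orig_target = target(idx, prog[idx].off)
    # Instructions after the patch point move down by PATCH_LEN - 1 slots;
    # the may_goto slot itself and everything before it stay put.
    expected = orig_target + (PATCH_LEN - 1) if orig_target > idx else orig_target
    new_prog = expand_may_goto(prog, idx, off_fn)
    jeq_pc = idx + 1
    return target(jeq_pc, new_prog[jeq_pc].off) == expected

def check_program(prog: list[Insn], off_fn) -> dict[int, bool]:
    """Check every may_goto in prog against one offset formula."""
    return {i: jeq_target_matches(prog, i, off_fn)
            for i, insn in enumerate(prog) if insn.op == "may_goto"}

# Constructed sample programs (indices are the original insn positions).
# Forward may_goto: insn 2 jumps to insn 4 (exit) once the counter is exhausted.
POS_PROG = [Insn("mov"), Insn("mov"), Insn("may_goto", 1), Insn("add"), Insn("exit")]
# Backward may_goto: insn 2 loops back to insn 1 (a negative offset).
NEG_PROG = [Insn("mov"), Insn("add"), Insn("may_goto", -2), Insn("exit")]

if __name__ == "__main__":
    for name, prog in (("forward", POS_PROG), ("backward", NEG_PROG)):
        print(name, "buggy:", check_program(prog, buggy_off),
              "fixed:", check_program(prog, fixed_off))
```

For the forward program both formulas land on the exit instruction, which is why the defect survived ordinary testing; for the backward program the unconditional `off + 2` resolves to the freshly inserted decrement instead of the loop head, while `off - 1` lands correctly. A fuzzer that emits `may_goto` with arbitrary signed offsets, as syzbot did, is exactly what exposes the asymmetry.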