PT-2024-29719 · Linux+6 · Linux Kernel+6

Syzbot

·

Published

2024-03-28

·

Updated

2026-03-14

·

CVE-2024-42063

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the Linux kernel's bpf functionality, where uninit memory usages were reported during map lookup and delete operations. The problem arises from the "void *key" passed to the helper, allowing uninit stack memory access for bpf programs with the right privileges. A patch has been applied to mark the stack as initialized using kmsan unpoison memory(), addressing syzbot reports on the uninit "void *key" argument.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-908CWE-120

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-48656
BDU:2025-03003
CVE-2024-42063
DLA-4008-1
OESA-2024-2076
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu