PT-2024-29823 · Linux+7 · Linux Kernel+7

Syzbot · Published 2024-07-26 · Updated 2025-09-29 · CVE-2024-42272

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.50

Description

The vulnerability is related to the use of an uninitialized resource in the Linux kernel's sched component. Specifically, the issue arises from the rhashtable_lookup() function using padding bytes that are not initialized in struct zones_ht_key. This can lead to a denial-of-service condition. The vulnerability is caused by a blamed commit that increased the lookup key size from 2 bytes to 16 bytes due to zones_ht_key getting a struct net pointer.

Recommendations

To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the tcf_ct_flow_table_get() function until a patch is available. Restrict access to the vulnerable module net/sched/act_ct.c to minimize the risk of exploitation. Avoid using the rhashtable_lookup() function in the affected API endpoint until the issue is resolved.
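
The padding problem named in the Description, as an added user-space illustration (not kernel code and not part of the original advisory). The struct demo_key layout, the FNV-1a hash and all helper names are assumptions standing in for the kernel's key and hash table; the example shows a lookup keyed on the full struct size missing an identical key when only the padding bytes differ, and matching once the key length stops at the last real field.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the key described above: pointer + 16-bit zone. */
struct demo_key {
    void    *net;    /* stands in for the struct net pointer */
    uint16_t zone;
    /* compiler-inserted tail padding follows (6 bytes on LP64) */
};

#define KEY_LEN_FULL   sizeof(struct demo_key)
#define KEY_LEN_FIELDS (offsetof(struct demo_key, zone) + sizeof(uint16_t))

/* Build a key in a buffer pre-filled with `stale`, modelling leftover stack
 * bytes: only the named fields are written, the padding keeps `stale`. */
static void build_key(unsigned char *buf, unsigned char stale,
                      void *net, uint16_t zone)
{
    memset(buf, stale, KEY_LEN_FULL);
    memcpy(buf + offsetof(struct demo_key, net), &net, sizeof(net));
    memcpy(buf + offsetof(struct demo_key, zone), &zone, sizeof(zone));
}

/* FNV-1a over key_len bytes (assumed stand-in for the table's hash). */
static uint32_t key_hash(const unsigned char *key, size_t key_len)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < key_len; i++)
        h = (h ^ key[i]) * 16777619u;
    return h;
}

/* Store and probe the same logical key (same net, same zone) built over
 * different stale bytes; returns 1 if the probe would find the entry. */
static int same_key_found(size_t key_len)
{
    static int fake_net;    /* constructed sample object */
    unsigned char stored[KEY_LEN_FULL], probe[KEY_LEN_FULL];

    build_key(stored, 0xAA, &fake_net, 7);
    build_key(probe,  0x55, &fake_net, 7);
    return key_hash(stored, key_len) == key_hash(probe, key_len) &&
           memcmp(stored, probe, key_len) == 0;
}

int main(void)
{
    /* exit 0 when the full-size lookup misses and the field-only one hits */
    return !(same_key_found(KEY_LEN_FIELDS) && !same_key_found(KEY_LEN_FULL));
}
```

Zeroing the whole key before filling in its fields is the other common way to make a full-size key length safe.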

Exploit

Fix

Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

ALSA-2024:8162
ALSA-2025_16880
ALT-PU-2024-11345
ALT-PU-2024-13121
AZL-49749
BDU:2025-01405
CVE-2024-42272
DLA-3912-1
DLA-4008-1
INFSA-2024_8162
MGASA-2024-0309
MGASA-2024-0310
OESA-2024-2124
RHSA-2024:8157
RHSA-2024:8158
RHSA-2024:8162
RHSA-2024_8162
RLSA-2024:8162
USN-7100-1
USN-7100-2
USN-7123-1
USN-7144-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7194-1
USN-7196-1

Affected Products

Alt Linux
Almalinux
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Ubuntu