CVE-2024-42072

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to the may goto function in the Linux kernel's BPF (Berkeley Packet Filter) component. Two bugs were exposed by Zac's syzbot: the first bug is related to how may goto is patched when the offset is negative, and the second bug is in the verifier, which incorrectly prunes the exploration of the program when an actual infinite loop is detected. This can potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.