CVE-2024-42067 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro() set_memory_rox() can fail, leaving memory unprotected. Check return and bail out when bpf_jit_binary_lock_ro() returns an error.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a
https://git.kernel.org/stable/c/08f6c05feb1db21653e98ca84ea04ca032d014c7
https://git.kernel.org/stable/c/9fef36cad60d4226f9d06953cd56d1d2f9119730
https://git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5
https://lore.kernel.org/linux-cve-announce/2024072951-CVE-2024-42067-c8ef@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-42067
https://www.cve.org/CVERecord?id=CVE-2024-42067

History

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-29T15:52:31.825Z

Updated: 2025-01-24T16:01:23.619Z

Reserved: 2024-07-29T15:50:41.168Z

Link: CVE-2024-42067

Vulnrichment

Updated: 2024-08-02T04:54:31.321Z

NVD

Status : Modified

Published: 2024-07-29T16:15:06.323

Modified: 2025-01-24T16:15:36.447

Link: CVE-2024-42067

Redhat

Severity : Low

Publid Date: 2024-07-29T00:00:00Z

Links: CVE-2024-42067 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42067", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.168Z", "datePublished": "2024-07-29T15:52:31.825Z", "dateUpdated": "2025-01-24T16:01:23.619Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-01-24T16:01:23.619Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()\n\nset_memory_rox() can fail, leaving memory unprotected.\n\nCheck return and bail out when bpf_jit_binary_lock_ro() returns\nan error."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/arm/net/bpf_jit_32.c", "arch/loongarch/net/bpf_jit.c", "arch/mips/net/bpf_jit_comp.c", "arch/parisc/net/bpf_jit_core.c", "arch/s390/net/bpf_jit_comp.c", "arch/sparc/net/bpf_jit_comp_64.c", "arch/x86/net/bpf_jit_comp32.c", "include/linux/filter.h"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/arm/net/bpf_jit_32.c", "arch/loongarch/net/bpf_jit.c", "arch/mips/net/bpf_jit_comp.c", "arch/parisc/net/bpf_jit_core.c", "arch/s390/net/bpf_jit_comp.c", "arch/sparc/net/bpf_jit_comp_64.c", "arch/x86/net/bpf_jit_comp32.c", "include/linux/filter.h"], "versions": [{"version": "6.9.8", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a"}, {"url": "https://git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5"}], "title": "bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:31.321Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/08f6c05feb1db21653e98ca84ea04ca032d014c7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9fef36cad60d4226f9d06953cd56d1d2f9119730", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42067", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:19:56.137791Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:58.173Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/08f6c05feb1db21653e98ca84ea04ca032d014c7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9fef36cad60d4226f9d06953cd56d1d2f9119730", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:31.321Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42067", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:19:56.137791Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:19.911Z"}}], "cna": {"title": "bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "versionType": "git"}], "programFiles": ["arch/arm/net/bpf_jit_32.c", "arch/loongarch/net/bpf_jit.c", "arch/mips/net/bpf_jit_comp.c", "arch/parisc/net/bpf_jit_core.c", "arch/s390/net/bpf_jit_comp.c", "arch/sparc/net/bpf_jit_comp_64.c", "arch/x86/net/bpf_jit_comp32.c", "include/linux/filter.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.9.8", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/arm/net/bpf_jit_32.c", "arch/loongarch/net/bpf_jit.c", "arch/mips/net/bpf_jit_comp.c", "arch/parisc/net/bpf_jit_core.c", "arch/s390/net/bpf_jit_comp.c", "arch/sparc/net/bpf_jit_comp_64.c", "arch/x86/net/bpf_jit_comp32.c", "include/linux/filter.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a"}, {"url": "https://git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()\n\nset_memory_rox() can fail, leaving memory unprotected.\n\nCheck return and bail out when bpf_jit_binary_lock_ro() returns\nan error."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-01-24T16:01:23.619Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42067", "state": "PUBLISHED", "dateUpdated": "2025-01-24T16:01:23.619Z", "dateReserved": "2024-07-29T15:50:41.168Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T15:52:31.825Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "816250D9-9650-4A7D-A4A7-1D69242F2032", "versionEndExcluding": "6.6.37", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C", "versionEndExcluding": "6.9.8", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()\n\nset_memory_rox() can fail, leaving memory unprotected.\n\nCheck return and bail out when bpf_jit_binary_lock_ro() returns\nan error."}, {"lang": "es", "value": " En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: bpf: Tener en cuenta el retorno de set_memory_rox() con bpf_jit_binary_lock_ro() set_memory_rox() puede fallar, dejando la memoria desprotegida. Verifique la devoluci\u00f3n y el rescate cuando bpf_jit_binary_lock_ro() devuelva un error."}], "id": "CVE-2024-42067", "lastModified": "2025-01-24T16:15:36.447", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-29T16:15:06.323", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/08f6c05feb1db21653e98ca84ea04ca032d014c7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9fef36cad60d4226f9d06953cd56d1d2f9119730"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-252"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()", "id": "2300505", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300505"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-252", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()\nset_memory_rox() can fail, leaving memory unprotected.\nCheck return and bail out when bpf_jit_binary_lock_ro() returns\nan error."], "name": "CVE-2024-42067", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42067\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42067\nhttps://lore.kernel.org/linux-cve-announce/2024072951-CVE-2024-42067-c8ef@gregkh/T"], "statement": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\nFor the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.", "threat_severity": "Low"}