CVE-2024-42082 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.35.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:6567	2024-09-11T00:00:00Z
kernel-0:5.14.0-427.35.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:6567	2024-09-11T00:00:00Z

Link	Providers
https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0
https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c
https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54
https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2
https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4
https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4
https://lore.kernel.org/linux-cve-announce/2024072956-CVE-2024-42082-8411@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-42082
https://www.cve.org/CVERecord?id=CVE-2024-42082

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42082", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.170Z", "datePublished": "2024-07-29T15:52:43.989Z", "dateUpdated": "2025-05-04T09:22:35.267Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:22:35.267Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: Remove WARN() from __xdp_reg_mem_model()\n\nsyzkaller reports a warning in __xdp_reg_mem_model().\n\nThe warning occurs only if __mem_id_init_hash_table() returns an error. It\nreturns the error in two cases:\n\n  1. memory allocation fails;\n  2. rhashtable_init() fails when some fields of rhashtable_params\n     struct are not initialized properly.\n\nThe second case cannot happen since there is a static const rhashtable_params\nstruct with valid fields. So, warning is only triggered when there is a\nproblem with memory allocation.\n\nThus, there is no sense in using WARN() to handle this error and it can be\nsafely removed.\n\nWARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCall Trace:\n xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344\n xdp_test_run_setup net/bpf/test_run.c:188 [inline]\n bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377\n bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267\n bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240\n __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649\n __do_sys_bpf kernel/bpf/syscall.c:5738 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5736 [inline]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nFound by Linux Verification Center (linuxtesting.org) with syzkaller."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/xdp.c"], "versions": [{"version": "8d5d88527587516bd58ff0f3810f07c38e65e2be", "lessThan": "1095b8efbb13a6a5fa583ed373ee1ccab29da2d0", "status": "affected", "versionType": "git"}, {"version": "8d5d88527587516bd58ff0f3810f07c38e65e2be", "lessThan": "1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54", "status": "affected", "versionType": "git"}, {"version": "8d5d88527587516bd58ff0f3810f07c38e65e2be", "lessThan": "4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2", "status": "affected", "versionType": "git"}, {"version": "8d5d88527587516bd58ff0f3810f07c38e65e2be", "lessThan": "14e51ea78b4ccacb7acb1346b9241bb790a2054c", "status": "affected", "versionType": "git"}, {"version": "8d5d88527587516bd58ff0f3810f07c38e65e2be", "lessThan": "f92298b0467fd77edc4c1a2c3e48833e69840ec4", "status": "affected", "versionType": "git"}, {"version": "8d5d88527587516bd58ff0f3810f07c38e65e2be", "lessThan": "7e9f79428372c6eab92271390851be34ab26bfb4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/xdp.c"], "versions": [{"version": "4.18", "status": "affected"}, {"version": "0", "lessThan": "4.18", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.97", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.37", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.8", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "5.10.221"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "5.15.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "6.1.97"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "6.6.37"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "6.9.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0"}, {"url": "https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54"}, {"url": "https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2"}, {"url": "https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c"}, {"url": "https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4"}, {"url": "https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4"}], "title": "xdp: Remove WARN() from __xdp_reg_mem_model()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.586Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42082", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:19:06.855038Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:07.377Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-42082 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-07-29T15:50:41.170Z (string)

datePublished : 2024-07-29T15:52:43.989Z (string)

dateUpdated : 2025-05-04T09:22:35.267Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T09:22:35.267Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __xdp_reg_mem_model(). The warning occurs only if __mem_id_init_hash_table() returns an error. It returns the error in two cases: 1. memory allocation fails; 2. rhashtable_init() fails when some fields of rhashtable_params struct are not initialized properly. The second case cannot happen since there is a static const rhashtable_params struct with valid fields. So, warning is only triggered when there is a problem with memory allocation. Thus, there is no sense in using WARN() to handle this error and it can be safely removed. WARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 CPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 Call Trace: xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344 xdp_test_run_setup net/bpf/test_run.c:188 [inline] bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377 bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267 bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240 __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Found by Linux Verification Center (linuxtesting.org) with syzkaller. (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/core/xdp.c (string)

]

versions : [ »

0 : { »

version : 8d5d88527587516bd58ff0f3810f07c38e65e2be (string)

lessThan : 1095b8efbb13a6a5fa583ed373ee1ccab29da2d0 (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : 8d5d88527587516bd58ff0f3810f07c38e65e2be (string)

lessThan : 1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54 (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : 8d5d88527587516bd58ff0f3810f07c38e65e2be (string)

lessThan : 4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2 (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : 8d5d88527587516bd58ff0f3810f07c38e65e2be (string)

lessThan : 14e51ea78b4ccacb7acb1346b9241bb790a2054c (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : 8d5d88527587516bd58ff0f3810f07c38e65e2be (string)

lessThan : f92298b0467fd77edc4c1a2c3e48833e69840ec4 (string)

status : affected (string)

versionType : git (string)

}

5 : { »

version : 8d5d88527587516bd58ff0f3810f07c38e65e2be (string)

lessThan : 7e9f79428372c6eab92271390851be34ab26bfb4 (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/core/xdp.c (string)

]

versions : [ »

0 : { »

version : 4.18 (string)

status : affected (string)

}

1 : { »

version : 0 (string)

lessThan : 4.18 (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 5.10.221 (string)

lessThanOrEqual : 5.10.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 5.15.162 (string)

lessThanOrEqual : 5.15.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 6.1.97 (string)

lessThanOrEqual : 6.1.* (string)

status : unaffected (string)

versionType : semver (string)

}

5 : { »

version : 6.6.37 (string)

lessThanOrEqual : 6.6.* (string)

status : unaffected (string)

versionType : semver (string)

}

6 : { »

version : 6.9.8 (string)

lessThanOrEqual : 6.9.* (string)

status : unaffected (string)

versionType : semver (string)

}

7 : { »

version : 6.10 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.18 (string)

versionEndExcluding : 5.10.221 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.18 (string)

versionEndExcluding : 5.15.162 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.18 (string)

versionEndExcluding : 6.1.97 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.18 (string)

versionEndExcluding : 6.6.37 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.18 (string)

versionEndExcluding : 6.9.8 (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.18 (string)

versionEndExcluding : 6.10 (string)

}

]

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c (string)

}

4 : { »

url : https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4 (string)

}

]

title : xdp: Remove WARN() from __xdp_reg_mem_model() (string)

x_generator : { »

engine : bippy-1.2.0 (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T04:54:32.586Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-42082 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-10T16:19:06.855038Z (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-11T17:33:07.377Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.586Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42082", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:19:06.855038Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:14.644Z"}}], "cna": {"title": "xdp: Remove WARN() from __xdp_reg_mem_model()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "8d5d88527587516bd58ff0f3810f07c38e65e2be", "lessThan": "1095b8efbb13a6a5fa583ed373ee1ccab29da2d0", "versionType": "git"}, {"status": "affected", "version": "8d5d88527587516bd58ff0f3810f07c38e65e2be", "lessThan": "1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54", "versionType": "git"}, {"status": "affected", "version": "8d5d88527587516bd58ff0f3810f07c38e65e2be", "lessThan": "4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2", "versionType": "git"}, {"status": "affected", "version": "8d5d88527587516bd58ff0f3810f07c38e65e2be", "lessThan": "14e51ea78b4ccacb7acb1346b9241bb790a2054c", "versionType": "git"}, {"status": "affected", "version": "8d5d88527587516bd58ff0f3810f07c38e65e2be", "lessThan": "f92298b0467fd77edc4c1a2c3e48833e69840ec4", "versionType": "git"}, {"status": "affected", "version": "8d5d88527587516bd58ff0f3810f07c38e65e2be", "lessThan": "7e9f79428372c6eab92271390851be34ab26bfb4", "versionType": "git"}], "programFiles": ["net/core/xdp.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.18"}, {"status": "unaffected", "version": "0", "lessThan": "4.18", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.221", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.162", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.97", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.37", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.8", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/core/xdp.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0"}, {"url": "https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54"}, {"url": "https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2"}, {"url": "https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c"}, {"url": "https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4"}, {"url": "https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: Remove WARN() from __xdp_reg_mem_model()\n\nsyzkaller reports a warning in __xdp_reg_mem_model().\n\nThe warning occurs only if __mem_id_init_hash_table() returns an error. It\nreturns the error in two cases:\n\n  1. memory allocation fails;\n  2. rhashtable_init() fails when some fields of rhashtable_params\n     struct are not initialized properly.\n\nThe second case cannot happen since there is a static const rhashtable_params\nstruct with valid fields. So, warning is only triggered when there is a\nproblem with memory allocation.\n\nThus, there is no sense in using WARN() to handle this error and it can be\nsafely removed.\n\nWARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCall Trace:\n xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344\n xdp_test_run_setup net/bpf/test_run.c:188 [inline]\n bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377\n bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267\n bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240\n __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649\n __do_sys_bpf kernel/bpf/syscall.c:5738 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5736 [inline]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nFound by Linux Verification Center (linuxtesting.org) with syzkaller."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.221", "versionStartIncluding": "4.18"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.162", "versionStartIncluding": "4.18"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.97", "versionStartIncluding": "4.18"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.37", "versionStartIncluding": "4.18"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.8", "versionStartIncluding": "4.18"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10", "versionStartIncluding": "4.18"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:22:35.267Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42082", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:22:35.267Z", "dateReserved": "2024-07-29T15:50:41.170Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T15:52:43.989Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T04:54:32.586Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-42082 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-10T16:19:06.855038Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-11T12:42:14.644Z (string)

}

]

cna : { »

title : xdp: Remove WARN() from __xdp_reg_mem_model() (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 8d5d88527587516bd58ff0f3810f07c38e65e2be (string)

lessThan : 1095b8efbb13a6a5fa583ed373ee1ccab29da2d0 (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : 8d5d88527587516bd58ff0f3810f07c38e65e2be (string)

lessThan : 1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54 (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : 8d5d88527587516bd58ff0f3810f07c38e65e2be (string)

lessThan : 4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2 (string)

versionType : git (string)

}

3 : { »

status : affected (string)

version : 8d5d88527587516bd58ff0f3810f07c38e65e2be (string)

lessThan : 14e51ea78b4ccacb7acb1346b9241bb790a2054c (string)

versionType : git (string)

}

4 : { »

status : affected (string)

version : 8d5d88527587516bd58ff0f3810f07c38e65e2be (string)

lessThan : f92298b0467fd77edc4c1a2c3e48833e69840ec4 (string)

versionType : git (string)

}

5 : { »

status : affected (string)

version : 8d5d88527587516bd58ff0f3810f07c38e65e2be (string)

lessThan : 7e9f79428372c6eab92271390851be34ab26bfb4 (string)

versionType : git (string)

}

]

programFiles : [ »

0 : net/core/xdp.c (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.18 (string)

}

1 : { »

status : unaffected (string)

version : 0 (string)

lessThan : 4.18 (string)

versionType : semver (string)

}

2 : { »

status : unaffected (string)

version : 5.10.221 (string)

versionType : semver (string)

lessThanOrEqual : 5.10.* (string)

}

3 : { »

status : unaffected (string)

version : 5.15.162 (string)

versionType : semver (string)

lessThanOrEqual : 5.15.* (string)

}

4 : { »

status : unaffected (string)

version : 6.1.97 (string)

versionType : semver (string)

lessThanOrEqual : 6.1.* (string)

}

5 : { »

status : unaffected (string)

version : 6.6.37 (string)

versionType : semver (string)

lessThanOrEqual : 6.6.* (string)

}

6 : { »

status : unaffected (string)

version : 6.9.8 (string)

versionType : semver (string)

lessThanOrEqual : 6.9.* (string)

}

7 : { »

status : unaffected (string)

version : 6.10 (string)

versionType : original_commit_for_fix (string)

lessThanOrEqual : * (string)

}

]

programFiles : [ »

0 : net/core/xdp.c (string)

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c (string)

}

4 : { »

url : https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4 (string)

}

]

x_generator : { »

engine : bippy-1.2.0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __xdp_reg_mem_model(). The warning occurs only if __mem_id_init_hash_table() returns an error. It returns the error in two cases: 1. memory allocation fails; 2. rhashtable_init() fails when some fields of rhashtable_params struct are not initialized properly. The second case cannot happen since there is a static const rhashtable_params struct with valid fields. So, warning is only triggered when there is a problem with memory allocation. Thus, there is no sense in using WARN() to handle this error and it can be safely removed. WARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 CPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 Call Trace: xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344 xdp_test_run_setup net/bpf/test_run.c:188 [inline] bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377 bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267 bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240 __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Found by Linux Verification Center (linuxtesting.org) with syzkaller. (string)

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

negate : false (boolean)

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.10.221 (string)

versionStartIncluding : 4.18 (string)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.15.162 (string)

versionStartIncluding : 4.18 (string)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.1.97 (string)

versionStartIncluding : 4.18 (string)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.6.37 (string)

versionStartIncluding : 4.18 (string)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.9.8 (string)

versionStartIncluding : 4.18 (string)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.10 (string)

versionStartIncluding : 4.18 (string)

}

]

operator : OR (string)

}

]

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T09:22:35.267Z (string)

}

cveMetadata : { »

cveId : CVE-2024-42082 (string)

state : PUBLISHED (string)

dateUpdated : 2025-05-04T09:22:35.267Z (string)

dateReserved : 2024-07-29T15:50:41.170Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-07-29T15:52:43.989Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3249552B-A101-45A3-9F46-0E0F0BDBA9E3", "versionEndExcluding": "4.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8BA741C-9AA4-40E2-9FC0-E66CDEFE9BB9", "versionEndExcluding": "5.10.221", "versionStartIncluding": "4.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5", "versionEndExcluding": "5.15.162", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "748B6C4B-1F61-47F9-96CC-8899B8412D84", "versionEndExcluding": "6.1.97", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D72E033B-5323-4C4D-8818-36E1EBC3535F", "versionEndExcluding": "6.6.37", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C", "versionEndExcluding": "6.9.8", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: Remove WARN() from __xdp_reg_mem_model()\n\nsyzkaller reports a warning in __xdp_reg_mem_model().\n\nThe warning occurs only if __mem_id_init_hash_table() returns an error. It\nreturns the error in two cases:\n\n  1. memory allocation fails;\n  2. rhashtable_init() fails when some fields of rhashtable_params\n     struct are not initialized properly.\n\nThe second case cannot happen since there is a static const rhashtable_params\nstruct with valid fields. So, warning is only triggered when there is a\nproblem with memory allocation.\n\nThus, there is no sense in using WARN() to handle this error and it can be\nsafely removed.\n\nWARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCall Trace:\n xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344\n xdp_test_run_setup net/bpf/test_run.c:188 [inline]\n bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377\n bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267\n bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240\n __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649\n __do_sys_bpf kernel/bpf/syscall.c:5738 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5736 [inline]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nFound by Linux Verification Center (linuxtesting.org) with syzkaller."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: xdp: Eliminar WARN() de __xdp_reg_mem_model() syzkaller informa una advertencia en __xdp_reg_mem_model(). La advertencia ocurre solo si __mem_id_init_hash_table() devuelve un error. Devuelve el error en dos casos: 1. falla la asignaci\u00f3n de memoria; 2. rhashtable_init() falla cuando algunos campos de la estructura rhashtable_params no se inicializan correctamente. El segundo caso no puede ocurrir ya que hay una estructura est\u00e1tica const rhashtable_params con campos v\u00e1lidos. Por lo tanto, la advertencia s\u00f3lo se activa cuando hay un problema con la asignaci\u00f3n de memoria. Por lo tanto, no tiene sentido utilizar WARN() para manejar este error y se puede eliminar de forma segura. ADVERTENCIA: CPU: 0 PID: 5065 en net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 CPU: 0 PID: 5065 Comm: syz-executor883 No contaminado 6.8.0-syzkaller -05271-gf99c5f563c17 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 27/03/2024 RIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 Seguimiento de llamadas: xdp_reg_mem_model+0x22/ 0x40 net/core/xdp.c:344 xdp_test_run_setup net/bpf/test_run.c:188 [en l\u00ednea] bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377 bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_ ejecutar.c: 1267 bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240 __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649 __do_sys_bpf kernel/bpf/syscall.c:5738 [en l\u00ednea] pf kernel/bpf/syscall.c :5736 [en l\u00ednea] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 Entry_SYSCALL_64_after_hwframe+0x6d/0x75 Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con syzkaller."}], "id": "CVE-2024-42082", "lastModified": "2024-11-21T09:33:33.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-29T16:15:07.373", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3249552B-A101-45A3-9F46-0E0F0BDBA9E3 (string)

versionEndExcluding : 4.18 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A8BA741C-9AA4-40E2-9FC0-E66CDEFE9BB9 (string)

versionEndExcluding : 5.10.221 (string)

versionStartIncluding : 4.19 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 10A39ACC-3005-40E8-875C-98A372D1FFD5 (string)

versionEndExcluding : 5.15.162 (string)

versionStartIncluding : 5.11 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 748B6C4B-1F61-47F9-96CC-8899B8412D84 (string)

versionEndExcluding : 6.1.97 (string)

versionStartIncluding : 5.16 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D72E033B-5323-4C4D-8818-36E1EBC3535F (string)

versionEndExcluding : 6.6.37 (string)

versionStartIncluding : 6.2 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E95105F2-32E3-4C5F-9D18-7AEFD0E6275C (string)

versionEndExcluding : 6.9.8 (string)

versionStartIncluding : 6.7 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __xdp_reg_mem_model(). The warning occurs only if __mem_id_init_hash_table() returns an error. It returns the error in two cases: 1. memory allocation fails; 2. rhashtable_init() fails when some fields of rhashtable_params struct are not initialized properly. The second case cannot happen since there is a static const rhashtable_params struct with valid fields. So, warning is only triggered when there is a problem with memory allocation. Thus, there is no sense in using WARN() to handle this error and it can be safely removed. WARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 CPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 Call Trace: xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344 xdp_test_run_setup net/bpf/test_run.c:188 [inline] bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377 bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267 bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240 __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Found by Linux Verification Center (linuxtesting.org) with syzkaller. (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux, se resolvió la siguiente vulnerabilidad: xdp: Eliminar WARN() de __xdp_reg_mem_model() syzkaller informa una advertencia en __xdp_reg_mem_model(). La advertencia ocurre solo si __mem_id_init_hash_table() devuelve un error. Devuelve el error en dos casos: 1. falla la asignación de memoria; 2. rhashtable_init() falla cuando algunos campos de la estructura rhashtable_params no se inicializan correctamente. El segundo caso no puede ocurrir ya que hay una estructura estática const rhashtable_params con campos válidos. Por lo tanto, la advertencia sólo se activa cuando hay un problema con la asignación de memoria. Por lo tanto, no tiene sentido utilizar WARN() para manejar este error y se puede eliminar de forma segura. ADVERTENCIA: CPU: 0 PID: 5065 en net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 CPU: 0 PID: 5065 Comm: syz-executor883 No contaminado 6.8.0-syzkaller -05271-gf99c5f563c17 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 27/03/2024 RIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 Seguimiento de llamadas: xdp_reg_mem_model+0x22/ 0x40 net/core/xdp.c:344 xdp_test_run_setup net/bpf/test_run.c:188 [en línea] bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377 bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_ ejecutar.c: 1267 bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240 __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649 __do_sys_bpf kernel/bpf/syscall.c:5738 [en línea] pf kernel/bpf/syscall.c :5736 [en línea] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 Entry_SYSCALL_64_after_hwframe+0x6d/0x75 Encontrado por el Centro de verificación de Linux (linuxtesting.org) con syzkaller. (string)

}

]

id : CVE-2024-42082 (string)

lastModified : 2024-11-21T09:33:33.530 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-07-29T16:15:07.373 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0 (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54 (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2 (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4 (string)

}

5 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4 (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4 (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-770 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2024:6567", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.35.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6567", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.35.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-11T00:00:00Z"}], "bugzilla": {"description": "kernel: xdp: Remove WARN() from __xdp_reg_mem_model()", "id": "2300520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300520"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-770", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nxdp: Remove WARN() from __xdp_reg_mem_model()\nsyzkaller reports a warning in __xdp_reg_mem_model().\nThe warning occurs only if __mem_id_init_hash_table() returns an error. It\nreturns the error in two cases:\n1. memory allocation fails;\n2. rhashtable_init() fails when some fields of rhashtable_params\nstruct are not initialized properly.\nThe second case cannot happen since there is a static const rhashtable_params\nstruct with valid fields. So, warning is only triggered when there is a\nproblem with memory allocation.\nThus, there is no sense in using WARN() to handle this error and it can be\nsafely removed.\nWARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\nCPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\nCall Trace:\nxdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344\nxdp_test_run_setup net/bpf/test_run.c:188 [inline]\nbpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377\nbpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267\nbpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240\n__sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649\n__do_sys_bpf kernel/bpf/syscall.c:5738 [inline]\n__se_sys_bpf kernel/bpf/syscall.c:5736 [inline]\n__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736\ndo_syscall_64+0xfb/0x240\nentry_SYSCALL_64_after_hwframe+0x6d/0x75\nFound by Linux Verification Center (linuxtesting.org) with syzkaller."], "name": "CVE-2024-42082", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42082\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42082\nhttps://lore.kernel.org/linux-cve-announce/2024072956-CVE-2024-42082-8411@gregkh/T"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2024:6567 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : kernel-0:5.14.0-427.35.1.el9_4 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2024-09-11T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2024:6567 (string)

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

package : kernel-0:5.14.0-427.35.1.el9_4 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2024-09-11T00:00:00Z (string)

}

]

bugzilla : { »

description : kernel: xdp: Remove WARN() from __xdp_reg_mem_model() (string)

id : 2300520 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2300520 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 5.5 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

status : verified (string)

}

cwe : CWE-770 (string)

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __xdp_reg_mem_model(). The warning occurs only if __mem_id_init_hash_table() returns an error. It returns the error in two cases: 1. memory allocation fails; 2. rhashtable_init() fails when some fields of rhashtable_params struct are not initialized properly. The second case cannot happen since there is a static const rhashtable_params struct with valid fields. So, warning is only triggered when there is a problem with memory allocation. Thus, there is no sense in using WARN() to handle this error and it can be safely removed. WARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 CPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 Call Trace: xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344 xdp_test_run_setup net/bpf/test_run.c:188 [inline] bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377 bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267 bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240 __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Found by Linux Verification Center (linuxtesting.org) with syzkaller. (string)

]

name : CVE-2024-42082 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Will not fix (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Will not fix (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

5 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-07-29T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2024-42082 https://nvd.nist.gov/vuln/detail/CVE-2024-42082 https://lore.kernel.org/linux-cve-announce/2024072956-CVE-2024-42082-8411@gregkh/T (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object