CVE-2024-42161Use of Uninitialized Resource in Linux

CWE-908Use of Uninitialized ResourceCWE-457Use of Uninitialized Variable40 documents8 sources
Severity
6.3MEDIUMNVD
OSV5.5
EPSS
0.0%
top 93.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
LinuxLinux KernelDebian Linux+9 more
Timeline
PublishedJul 30
Latest updateAug 14

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD [Changes from V1: - Use a default branch in the switch statement to initialize `val'.] GCC warns that `val' may be used uninitialized in the BPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as: [...] unsigned long long val; \ [...] \ switch (__CORE_RELO(s, field, BYTE_SIZE)) { \ case 1: val = *(const unsigned char *)p; break; \ case 2: val = *(const unsigned sho

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:HExploitability: 0.8 | Impact: 5.5

Affected Packages14 packages

NVDlinux/linux_kernel5.115.15.163+4
Debianlinux/linux_kernel< 5.10.223-1+3
Ubuntulinux/linux_kernel< 5.15.0-121.131+1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

18
OSV
linux-gkeop vulnerabilities2024-12-12
OSV
linux-lowlatency, linux-lowlatency-hwe-6.8 vulnerabilities2024-11-19
OSV
linux-gke vulnerabilities2024-11-15
OSV
linux-raspi vulnerabilities2024-11-14
OSV
linux-oem-6.8 vulnerabilities2024-11-13

📋Vendor Advisories

21
CISA ICS
Siemens Third-Party Components in SINEC OS2025-08-14
CISA ICS
Siemens SIMATIC S7-1500 TM MFP2025-03-13
Ubuntu
Linux kernel (GKE) vulnerabilities2024-12-12
Ubuntu
Linux kernel (Low Latency) vulnerabilities2024-11-19
Ubuntu
Linux kernel vulnerabilities2024-11-15