CVE-2024-42068

5.5 MEDIUM

📋 TL;DR

This Linux kernel vulnerability in the BPF subsystem occurs when the bpf_prog_lock_ro() function fails to properly handle errors from set_memory_ro(), potentially leaving memory pages writable when they should be read-only. This affects systems running vulnerable Linux kernel versions with BPF enabled. Attackers could potentially modify supposedly protected memory regions.
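The error-handling flaw described above, as an added user-space illustration (not kernel code and not taken from the fix commits). mprotect() stands in for set_memory_ro(); protect_fn, protect_ok, protect_fail, lock_ro_unchecked, lock_ro_checked, page_is_writable and load_prog are hypothetical names, and the -ENOMEM failure is injected.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical hook standing in for set_memory_ro(), so a failure can be injected. */
typedef int (*protect_fn)(void *addr, size_t len);
int protect_ok(void *a, size_t n)   { return mprotect(a, n, PROT_READ) ? -errno : 0; }
int protect_fail(void *a, size_t n) { (void)a; (void)n; return -ENOMEM; } /* simulated */

/* Unchecked pattern: the result is discarded, so the caller never sees a failure. */
static void lock_ro_unchecked(void *p, size_t n, protect_fn f) { (void)f(p, n); }
/* Checked pattern: the error is returned so the loader can reject the program. */
static int lock_ro_checked(void *p, size_t n, protect_fn f) { return f(p, n); }

/* Probe without faulting: read() into a read-only page fails with EFAULT. */
static int page_is_writable(void *page)
{
    int fds[2], ok = -1;
    if (pipe(fds) != 0) return -1;
    if (write(fds[1], "", 1) == 1) ok = (read(fds[0], page, 1) == 1);
    close(fds[0]); close(fds[1]);
    return ok;
}

/* Returns 0 if the program is accepted, <0 if rejected.
 * *writable is 1 or 0 for an accepted program, -1 if it was rejected. */
static int load_prog(int checked, protect_fn protect, int *writable)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *prog = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int err = 0;
    *writable = -1;
    if (prog == MAP_FAILED) return -errno;
    if (checked) err = lock_ro_checked(prog, len, protect);
    else lock_ro_unchecked(prog, len, protect);
    if (!err) *writable = page_is_writable(prog);
    munmap(prog, len);
    return err;
}

int main(void)
{
    int w, rc = load_prog(0, protect_fail, &w);
    printf("unchecked: rc=%d writable=%d\n", rc, w);
    rc = load_prog(1, protect_fail, &w);
    printf("checked:   rc=%d writable=%d\n", rc, w);
    return 0;
}
```

With the injected failure, the unchecked path accepts the program while its page is still writable; the checked path rejects the load instead.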

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific vulnerable versions not explicitly stated in CVE, but patches exist for multiple stable branches
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires CONFIG_BPF_SYSCALL enabled and user with CAP_BPF or CAP_SYS_ADMIN capabilities

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could modify read-only BPF program memory to execute arbitrary code with kernel privileges, leading to full system compromise.

🟠

Likely Case

Local privilege escalation where an authenticated user gains kernel-level access to modify system memory.

🟢

If Mitigated

With proper kernel hardening and BPF restrictions, impact is limited to denial of service or information disclosure.

🌐 Internet-Facing: LOW - This requires local access to the system and BPF capabilities.
🏢 Internal Only: MEDIUM - Internal users with shell access could potentially exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and BPF privileges. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with commits: 05412471beba, 7d2cc63eca0c, a359696856ca, e4f602e3ff74

Vendor Advisory: https://git.kernel.org/stable/c/05412471beba313ecded95aa17b25fe84bb2551a

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable BPF subsystem

linux

Disable BPF functionality to prevent exploitation

echo 1 > /proc/sys/kernel/unprivileged_bpf_disabled
Remove CAP_BPF from non-privileged users

Restrict BPF capabilities

linux

Limit which users can load BPF programs

sysctl -w kernel.unprivileged_bpf_disabled=1

🧯 If You Can't Patch

  • Restrict BPF usage to trusted administrators only
  • Implement strict access controls and monitor for unusual BPF program loading

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions from kernel.org stable trees

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes one of the fix commits: 05412471beba, 7d2cc63eca0c, a359696856ca, or e4f602e3ff74

📡 Detection & Monitoring

Log Indicators:

  • Failed BPF program loads
  • Kernel oops or warnings related to memory protection

Network Indicators:

  • None - local exploit only

SIEM Query:

Process monitoring for bpf() system calls from non-privileged users
