CVE-2024-42161

6.3 MEDIUM

📋 TL;DR

This CVE addresses an uninitialized variable vulnerability in the Linux kernel's BPF subsystem. The BPF_CORE_READ_BITFIELD macro could use uninitialized memory values when reading bitfields, potentially exposing kernel memory contents. This affects systems running vulnerable Linux kernel versions with BPF enabled.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific affected versions not explicitly stated in CVE description; check kernel commit history for exact range.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires CONFIG_BPF_SYSCALL enabled and ability to load BPF programs. Most modern Linux distributions have BPF enabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel memory disclosure leading to information leaks that could aid privilege escalation or bypass security mechanisms.

🟠 Likely Case: Information disclosure of kernel memory contents, potentially revealing sensitive data structures or pointers.

🟢 If Mitigated: No impact if the vulnerability is patched or BPF is disabled.

🌐 Internet-Facing: LOW - Requires local access or ability to load BPF programs.
🏢 Internal Only: MEDIUM - Local users or processes with BPF capabilities could exploit this for information disclosure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to load BPF programs (typically requires CAP_BPF or CAP_SYS_ADMIN). This is an information disclosure vulnerability rather than direct code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check kernel commits: 009367099eb61a4fc2af44d4eb06b6b4de7de6db and related stable commits

Vendor Advisory: https://git.kernel.org/stable/c/009367099eb61a4fc2af44d4eb06b6b4de7de6db

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.

🔧 Temporary Workarounds

Disable unprivileged BPF program loading

Prevents unprivileged users from loading BPF programs, which is what the sysctl below controls; BPF remains available to privileged processes. A value of 1 is sticky and cannot be reverted without a reboot.

echo 'kernel.unprivileged_bpf_disabled=1' >> /etc/sysctl.conf
sysctl -p

Restrict BPF program loading

Limit which binaries can load BPF programs by removing file capabilities they do not need. Note that setcap -r clears the entire file capability set of the binary, so re-grant any other capabilities it still requires afterwards.

setcap -r /path/to/binary

Remove CAP_BPF from processes that do not need it.

🧯 If You Can't Patch

  • Implement strict BPF program loading restrictions using Linux capabilities
  • Monitor for unusual BPF program loading activity and kernel memory access patterns

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions from kernel.org or your distribution vendor

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commit 009367099eb61a4fc2af44d4eb06b6b4de7de6db

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing BPF program loading failures or warnings
  • Audit logs for BPF-related syscalls

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Search for: kernel.*BPF.*warning OR audit.type=SYSCALL syscall=bpf (pseudo-query; adapt the field names to your SIEM's schema)
