{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T03:38:08.607","vulnerabilities":[{"cve":{"id":"CVE-2024-42161","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-07-30T08:15:07.447","lastModified":"2025-11-03T22:17:44.150","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD\n\n[Changes from V1:\n - Use a default branch in the switch statement to initialize `val'.]\n\nGCC warns that `val' may be used uninitialized in the\nBPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as:\n\n\t[...]\n\tunsigned long long val;\t\t\t\t\t\t      \\\n\t[...]\t\t\t\t\t\t\t\t      \\\n\tswitch (__CORE_RELO(s, field, BYTE_SIZE)) {\t\t\t      \\\n\tcase 1: val = *(const unsigned char *)p; break;\t\t\t      \\\n\tcase 2: val = *(const unsigned short *)p; break;\t\t      \\\n\tcase 4: val = *(const unsigned int *)p; break;\t\t\t      \\\n\tcase 8: val = *(const unsigned long long *)p; break;\t\t      \\\n        }       \t\t\t\t\t\t\t      \\\n\t[...]\n\tval;\t\t\t\t\t\t\t\t      \\\n\t}\t\t\t\t\t\t\t\t      \\\n\nThis patch adds a default entry in the switch statement that sets\n`val' to zero in order to avoid the warning, and random values to be\nused in case __builtin_preserve_field_info returns unexpected values\nfor BPF_FIELD_BYTE_SIZE.\n\nTested in bpf-next master.\nNo regressions."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Evite el valor no inicializado en BPF_CORE_READ_BITFIELD [Cambios desde V1: - Use una rama predeterminada en la instrucción switch para inicializar `val'.] GCC advierte que `val' puede usarse sin inicializar en la macro BPF_CRE_READ_BITFIELD, definida en bpf_core_read.h como: [...] unsigned long long val; \\ [...] \\ switch (__CORE_RELO(s, campo, BYTE_SIZE)) { \\ case  1: val = *(const unsigned char *)p; break; \\ case 2: val = *(const unsigned short *)p; break; \\ case 4: val = *(const unsigned int *)p; romper; \\ case 8: val = *(const unsigned long long *)p; break; \\ } \\ [...] val; \\ } \\ Este parche agrega una entrada predeterminada en la declaración de cambio que establece `val' en cero para evitar la advertencia, y valores aleatorios que se usarán en caso de que __builtin_preserve_field_info devuelva valores inesperados para BPF_FIELD_BYTE_SIZE. Probado en bpf-next master. Sin regresiones."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.5}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.222","matchCriteriaId":"0ADFA1F9-906A-4D75-8667-7FECEF422B59"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.163","matchCriteriaId":"A97DEB09-4927-40F8-B5C6-F5BD5EAE0CFD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.98","matchCriteriaId":"E09E92A5-27EF-40E4-926A-B1CDC8270551"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.39","matchCriteriaId":"29E894E4-668F-4DB0-81F7-4FB5F698E970"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.9.9","matchCriteriaId":"ADCC1407-0CB3-4C8F-B4C5-07F682CD7085"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/009367099eb61a4fc2af44d4eb06b6b4de7de6db","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3364c2ed1c241989847f19cf83e3db903ce689e3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7e5471b5efebc30dd0bc035cda86693a5c73d45f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a21d76bd0b0d39518e9a4c19f6cf7c042a974aff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b694989bb13ed5f166e633faa1eb0f21c6d261a6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ff941a8449e712eaf7efca1a13bfb9afd3d99fc2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/009367099eb61a4fc2af44d4eb06b6b4de7de6db","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3364c2ed1c241989847f19cf83e3db903ce689e3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7e5471b5efebc30dd0bc035cda86693a5c73d45f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a21d76bd0b0d39518e9a4c19f6cf7c042a974aff","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b694989bb13ed5f166e633faa1eb0f21c6d261a6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ff941a8449e712eaf7efca1a13bfb9afd3d99fc2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}