CVE-2024-42106
Linux Kernel - Uninitialized Value Vulnerability in inet_diag
Description
In the Linux kernel, the following vulnerability has been resolved:

inet_diag: Initialize pad field in struct inet_diag_req_v2

KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. This field corresponds to the sdiag_raw_protocol field in struct inet_diag_req_raw.

inet_diag_get_exact_compat() converts inet_diag_req to inet_diag_req_v2, but leaves the pad field uninitialized. So the issue occurs when raw_lookup() accesses the sdiag_raw_protocol field.

Fix this by initializing the pad field in inet_diag_get_exact_compat(). Also, do the same fix in inet_diag_dump_compat() to avoid the similar issue in the future.

[1]
BUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline]
BUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71
 raw_lookup net/ipv4/raw_diag.c:49 [inline]
 raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71
 raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99
 inet_diag_cmd_exact+0x7d9/0x980
 inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]
 inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426
 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282
 netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564
 sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297
 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
 netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361
 netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x332/0x3d0 net/socket.c:745
 ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585
 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639
 __sys_sendmsg net/socket.c:2668 [inline]
 __do_sys_sendmsg net/socket.c:2677 [inline]
 __se_sys_sendmsg net/socket.c:2675 [inline]
 __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675
 x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71
 raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99
 inet_diag_cmd_exact+0x7d9/0x980
 inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]
 inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426
 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282
 netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564
 sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297
 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
 netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361
 netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x332/0x3d0 net/socket.c:745
 ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585
 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639
 __sys_sendmsg net/socket.c:2668 [inline]
 __do_sys_sendmsg net/socket.c:2677 [inline]
 __se_sys_sendmsg net/socket.c:2675 [inline]
 __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675
 x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable req.i created at:
 inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline]
 inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426
 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282

CPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014
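A user-space model of the conversion described above, added here as an illustration and not taken from the kernel source. The structs are trimmed to the fields that matter, `STALE_BYTE`, `compat_convert()` and `raw_protocol_seen()` are hypothetical names, zero is an assumed initial value for pad, and a memset stands in for stale stack contents so the effect is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Trimmed models of the kernel structs (socket id and other fields omitted). */
struct inet_diag_req {                  /* legacy request from old userspace */
    uint8_t  idiag_family, idiag_ext;
    uint32_t idiag_states;
};
struct inet_diag_req_v2 {
    uint8_t  sdiag_family, sdiag_protocol, idiag_ext;
    uint8_t  pad;                       /* not written by the pre-fix conversion */
    uint32_t idiag_states;
};
struct inet_diag_req_raw {              /* same layout; pad slot is the raw protocol */
    uint8_t  sdiag_family, sdiag_protocol, idiag_ext;
    uint8_t  sdiag_raw_protocol;
    uint32_t idiag_states;
};

#define STALE_BYTE 0xAA  /* constructed stand-in for leftover stack contents */
/* Legacy -> v2 conversion; init_pad == 0 models the code before the fix. */
static struct inet_diag_req_v2 compat_convert(const struct inet_diag_req *rc,
                                              uint8_t proto, int init_pad)
{
    struct inet_diag_req_v2 req;
    memset(&req, STALE_BYTE, sizeof(req));  /* simulate an uninitialized local */
    req.sdiag_family   = rc->idiag_family;
    req.sdiag_protocol = proto;
    req.idiag_ext      = rc->idiag_ext;
    req.idiag_states   = rc->idiag_states;
    if (init_pad) req.pad = 0;              /* the fix: pad gets a defined value */
    return req;
}

/* Protocol byte the raw-socket lookup would read from a converted request. */
uint8_t raw_protocol_seen(int init_pad)
{
    /* Constructed sample request: family 2 is AF_INET, 255 is IPPROTO_RAW. */
    struct inet_diag_req legacy = { .idiag_family = 2, .idiag_states = 0xFFFFFFFFu };
    struct inet_diag_req_v2 req = compat_convert(&legacy, 255, init_pad);
    struct inet_diag_req_raw raw;
    memcpy(&raw, &req, sizeof(raw));        /* view the same bytes as a raw request */
    return raw.sdiag_raw_protocol;
}

int main(void)
{
    printf("before fix: 0x%02x, after fix: 0x%02x\n", raw_protocol_seen(0), raw_protocol_seen(1));
    return 0;
}
```

In the kernel the unwritten byte holds whatever the stack last contained, which is why KMSAN flags the read in raw_lookup().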
INFO
Published Date: July 30, 2024, 8:15 a.m.
Last Modified: Feb. 3, 2025, 3:23 p.m.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable: No
Impact Score: 3.6
Exploitability Score: 1.8
The following table lists the changes that have been made to the CVE-2024-42106 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Feb. 03, 2025
Action | Type | Old Value | New Value
Added | CVSS V3.1 | | NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added | CWE | | NIST CWE-908
Added | CPE Configuration | | OR
    *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 4.19.318
    *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.280
    *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.222
    *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.163
    *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.98
    *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.39
    *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.9.9
    *cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
    *cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
    *cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
    *cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
    *cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*
    *cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*
Changed | Reference Type | https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2 No Types Assigned | https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2 Patch
Changed | Reference Type | https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f No Types Assigned | https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f Patch
Changed | Reference Type | https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9 No Types Assigned | https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9 Patch
Changed | Reference Type | https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c No Types Assigned | https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c Patch
Changed | Reference Type | https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4 No Types Assigned | https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4 Patch
Changed | Reference Type | https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a No Types Assigned | https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a Patch
Changed | Reference Type | https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb No Types Assigned | https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb Patch
Changed | Reference Type | https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051 No Types Assigned | https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051 Patch
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action | Type | Old Value | New Value
Added | Reference | | https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2
Added | Reference | | https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f
Added | Reference | | https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9
Added | Reference | | https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c
Added | Reference | | https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4
Added | Reference | | https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a
Added | Reference | | https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb
Added | Reference | | https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051
-
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jul. 30, 2024
Action | Type | Old Value | New Value
Added | Description | | Same text as under Description above
Added | Reference | | kernel.org https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-42106 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-42106 weaknesses.