SB20240731160 - Incorrect calculation in Linux kernel arm net
Published: July 31, 2024 Updated: May 12, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Incorrect calculation (CVE-ID: CVE-2024-42067)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the bpf_flush_icache() function in arch/sparc/net/bpf_jit_comp_64.c, within the print_fn_code() function in arch/s390/net/bpf_jit_comp.c, within the bpf_flush_icache() function in arch/parisc/net/bpf_jit_core.c, within the bpf_int_jit_compile() function in arch/mips/net/bpf_jit_comp.c, within the flush_icache_range() and bpf_jit_binary_free() functions in arch/loongarch/net/bpf_jit.c, within the bpf_int_jit_compile() and bpf_jit_prog_release_other() functions in arch/arm/net/bpf_jit_32.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/08f6c05feb1db21653e98ca84ea04ca032d014c7
- https://git.kernel.org/stable/c/9fef36cad60d4226f9d06953cd56d1d2f9119730
- https://git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a
- https://git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.37
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.38