#VU95077 Incorrect calculation in Linux kernel - CVE-2024-42067
Published: July 31, 2024 / Updated: May 12, 2025
Linux kernel
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the bpf_flush_icache() function in arch/sparc/net/bpf_jit_comp_64.c, within the print_fn_code() function in arch/s390/net/bpf_jit_comp.c, within the bpf_flush_icache() function in arch/parisc/net/bpf_jit_core.c, within the bpf_int_jit_compile() function in arch/mips/net/bpf_jit_comp.c, within the flush_icache_range() and bpf_jit_binary_free() functions in arch/loongarch/net/bpf_jit.c, within the bpf_int_jit_compile() and bpf_jit_prog_release_other() functions in arch/arm/net/bpf_jit_32.c. A local user can perform a denial of service (DoS) attack.
Remediation
External links
- https://git.kernel.org/stable/c/08f6c05feb1db21653e98ca84ea04ca032d014c7
- https://git.kernel.org/stable/c/9fef36cad60d4226f9d06953cd56d1d2f9119730
- https://git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a
- https://git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.37
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.38