How severe is CVE-2024-42161?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2024-42161?

This is classified as CWE-908, which is a common weakness in software security.

CVE-2024-42161 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD [Changes from V1: - Use a default branch in the switch statement to initialize `val'.] GCC warns that `val' may be used uninitialized in the BPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as: [...] unsigned long long val; \ [...] \ switch (__CORE_RELO(s, field, BYTE_SIZE)) { \ case 1: val = *(const unsigned char *)p; break; \ case 2: val = *(const unsigned short *)p; break; \ case 4: val = *(const unsigned int *)p; break; \ case 8: val = *(const unsigned long long *)p; break; \ } \ [...] val; \ } \ This patch adds a default entry in the switch statement that sets `val' to zero in order to avoid the warning, and random values to be used in case __builtin_preserve_field_info returns unexpected values for BPF_FIELD_BYTE_SIZE. Tested in bpf-next master. No regressions.

Related Vulnerabilities

CVE-2020-6444

MEDIUM

CVSS:6.3(Medium)

Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CWE-9082020

CVE-2018-9378

MEDIUM

CVSS:6.2(Medium)

In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional...

CWE-9082018

CVE-2024-38254

MEDIUM

CVSS:6.2(Medium)

Windows Authentication Information Disclosure Vulnerability

CWE-9082024

CVE-2018-18366

MEDIUM

CVSS:6.5(Medium)

Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.700...

CWE-9082018

CVE-2018-20992

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled.

CWE-9082018

CVE-2018-6982

MEDIUM

CVSS:6.5(Medium)

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an infor...

CWE-9082018