{"id":"CVE-2024-42063","summary":"bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode\n\nsyzbot reported uninit memory usages during map_{lookup,delete}_elem.\n\n==========\nBUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]\nBUG: KMSAN: uninit-value in dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796\n__dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]\ndev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796\n____bpf_map_lookup_elem kernel/bpf/helpers.c:42 [inline]\nbpf_map_lookup_elem+0x5c/0x80 kernel/bpf/helpers.c:38\n___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997\n__bpf_prog_run256+0xb5/0xe0 kernel/bpf/core.c:2237\n==========\n\nThe reproducer should be in the interpreter mode.\n\nThe C reproducer is trying to run the following bpf prog:\n\n    0: (18) r0 = 0x0\n    2: (18) r1 = map[id:49]\n    4: (b7) r8 = 16777216\n    5: (7b) *(u64 *)(r10 -8) = r8\n    6: (bf) r2 = r10\n    7: (07) r2 += -229\n            ^^^^^^^^^^\n\n    8: (b7) r3 = 8\n    9: (b7) r4 = 0\n   10: (85) call dev_map_lookup_elem#1543472\n   11: (95) exit\n\nIt is due to the \"void *key\" (r2) passed to the helper. bpf allows uninit\nstack memory access for bpf prog with the right privileges. This patch\nuses kmsan_unpoison_memory() to mark the stack as initialized.\n\nThis should address different syzbot reports on the uninit \"void *key\"\nargument during map_{lookup,delete}_elem.","modified":"2026-04-02T12:17:37.378712Z","published":"2024-07-29T15:52:28.533Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42063.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3189983c26108cf0990e5c46856dc9feb9470d12"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b30f3197a6cd080052d5d4973f9a6b479fd9fff5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d812ae6e02bd6e6a9cd1fdb09519c2f33e875faf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e8742081db7d01f980c6161ae1e8a1dbc1e30979"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42063.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42063"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8"},{"fixed":"b30f3197a6cd080052d5d4973f9a6b479fd9fff5"},{"fixed":"d812ae6e02bd6e6a9cd1fdb09519c2f33e875faf"},{"fixed":"3189983c26108cf0990e5c46856dc9feb9470d12"},{"fixed":"e8742081db7d01f980c6161ae1e8a1dbc1e30979"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42063.json"}}],"schema_version":"1.7.5"}