Wind River Support Network

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD [Changes from V1: - Use a default branch in the switch statement to initialize `val\'.] GCC warns that `val\' may be used uninitialized in the BPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as: [...] unsigned long long val; \\ [...] \\ switch (__CORE_RELO(s, field, BYTE_SIZE)) { \\ case 1: val = *(const unsigned char *)p; break; \\ case 2: val = *(const unsigned short *)p; break; \\ case 4: val = *(const unsigned int *)p; break; \\ case 8: val = *(const unsigned long long *)p; break; \\ } \\ [...] val; \\ } \\ This patch adds a default entry in the switch statement that sets `val\' to zero in order to avoid the warning, and random values to be used in case __builtin_preserve_field_info returns unexpected values for BPF_FIELD_BYTE_SIZE. Tested in bpf-next master. No regressions.

Find out more about CVE-2024-42161 from the MITRE-CVE dictionary and NIST NVD

---

Products Affected

Login may be required to access defects or downloads.

Related Products

Notes
Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.