{
  "threat_severity" : "Moderate",
  "public_date" : "2024-08-17T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: sched: act_ct: take care of padding in struct zones_ht_key",
    "id" : "2305417",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2305417"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nsched: act_ct: take care of padding in struct zones_ht_key\nBlamed commit increased lookup key size from 2 bytes to 16 bytes,\nbecause zones_ht_key got a struct net pointer.\nMake sure rhashtable_lookup() is not using the padding bytes\nwhich are not initialized.\nBUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\nBUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\nBUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\nBUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\nBUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\nrht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n__rhashtable_lookup include/linux/rhashtable.h:607 [inline]\nrhashtable_lookup include/linux/rhashtable.h:646 [inline]\nrhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\ntcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\ntcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408\ntcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425\ntcf_action_init+0x458/0xf00 net/sched/act_api.c:1488\ntcf_action_add net/sched/act_api.c:2061 [inline]\ntc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118\nrtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647\nnetlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550\nrtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665\nnetlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\nnetlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357\nnetlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg+0x30f/0x380 net/socket.c:745\n____sys_sendmsg+0x877/0xb60 net/socket.c:2597\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651\n__sys_sendmsg net/socket.c:2680 [inline]\n__do_sys_sendmsg net/socket.c:2689 [inline]\n__se_sys_sendmsg net/socket.c:2687 [inline]\n__x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687\nx64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nLocal variable key created at:\ntcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324\ntcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408", "rhashtable_lookup() may be using padding bytes which are not initialized. This may lead to possible compromised Availability." ],
  "statement" : "Red Hat Enterprise Linux 7 and 8 are not affected by this vulnerability.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-10-16T00:00:00Z",
    "advisory" : "RHSA-2024:8162",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.40.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-10-16T00:00:00Z",
    "advisory" : "RHSA-2024:8162",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.40.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-10-16T00:00:00Z",
    "advisory" : "RHSA-2024:8157",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2",
    "package" : "kernel-0:5.14.0-284.88.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-10-16T00:00:00Z",
    "advisory" : "RHSA-2024:8158",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-42272\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42272\nhttps://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42272-c687@gregkh/T" ],
  "name" : "CVE-2024-42272",
  "csaw" : false
}