{"id":"CVE-2024-42161","summary":"bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD\n\n[Changes from V1:\n - Use a default branch in the switch statement to initialize `val'.]\n\nGCC warns that `val' may be used uninitialized in the\nBPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as:\n\n\t[...]\n\tunsigned long long val;\t\t\t\t\t\t      \\\n\t[...]\t\t\t\t\t\t\t\t      \\\n\tswitch (__CORE_RELO(s, field, BYTE_SIZE)) {\t\t\t      \\\n\tcase 1: val = *(const unsigned char *)p; break;\t\t\t      \\\n\tcase 2: val = *(const unsigned short *)p; break;\t\t      \\\n\tcase 4: val = *(const unsigned int *)p; break;\t\t\t      \\\n\tcase 8: val = *(const unsigned long long *)p; break;\t\t      \\\n        }       \t\t\t\t\t\t\t      \\\n\t[...]\n\tval;\t\t\t\t\t\t\t\t      \\\n\t}\t\t\t\t\t\t\t\t      \\\n\nThis patch adds a default entry in the switch statement that sets\n`val' to zero in order to avoid the warning, and random values to be\nused in case __builtin_preserve_field_info returns unexpected values\nfor BPF_FIELD_BYTE_SIZE.\n\nTested in bpf-next master.\nNo regressions.","modified":"2026-05-18T05:56:07.164472896Z","published":"2024-07-30T07:47:03.136Z","related":["SUSE-SU-2024:2894-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2947-1","SUSE-SU-2024:3194-1","SUSE-SU-2024:3195-1","SUSE-SU-2024:3383-1","SUSE-SU-2025:20044-1","SUSE-SU-2025:20047-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42161.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/009367099eb61a4fc2af44d4eb06b6b4de7de6db"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3364c2ed1c241989847f19cf83e3db903ce689e3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7e5471b5efebc30dd0bc035cda86693a5c73d45f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a21d76bd0b0d39518e9a4c19f6cf7c042a974aff"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b694989bb13ed5f166e633faa1eb0f21c6d261a6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ff941a8449e712eaf7efca1a13bfb9afd3d99fc2"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42161.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42161"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ee26dade0e3bcd8a34ae7520e373fb69365fce7a"},{"fixed":"b694989bb13ed5f166e633faa1eb0f21c6d261a6"},{"fixed":"3364c2ed1c241989847f19cf83e3db903ce689e3"},{"fixed":"a21d76bd0b0d39518e9a4c19f6cf7c042a974aff"},{"fixed":"7e5471b5efebc30dd0bc035cda86693a5c73d45f"},{"fixed":"ff941a8449e712eaf7efca1a13bfb9afd3d99fc2"},{"fixed":"009367099eb61a4fc2af44d4eb06b6b4de7de6db"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42161.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.222"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.163"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.98"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.39"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.9.9"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42161.json"}}],"schema_version":"1.7.5"}