
CVE-2024-42272: Vulnerability in Linux Linux

Medium
Published: Sat Aug 17 2024 (08/17/2024, 08:54:26 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

sched: act_ct: take care of padding in struct zones_ht_key

Blamed commit increased lookup key size from 2 bytes to 16 bytes, because zones_ht_key got a struct net pointer.

Make sure rhashtable_lookup() is not using the padding bytes which are not initialized.

BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329
 rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
 __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
 rhashtable_lookup include/linux/rhashtable.h:646 [inline]
 rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
 tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329
 tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408
 tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425
 tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488
 tcf_action_add net/sched/act_api.c:2061 [inline]
 tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118
 rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647
 netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550
 rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665
 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
 netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357
 netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x30f/0x380 net/socket.c:745
 ____sys_sendmsg+0x877/0xb60 net/socket.c:2597
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651
 __sys_sendmsg net/socket.c:2680 [inline]
 __do_sys_sendmsg net/socket.c:2689 [inline]
 __se_sys_sendmsg net/socket.c:2687 [inline]
 __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687
 x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable key created at:
 tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324
 tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408

AI-Powered Analysis

Last updated: 06/27/2025, 20:43:05 UTC

Technical Analysis

CVE-2024-42272 is a vulnerability identified in the Linux kernel, specifically within the network scheduler's connection tracking action (act_ct) component. The root cause stems from improper handling of padding bytes in the struct zones_ht_key, which is used as a key in a resizable hash table (rhashtable). A recent code change increased the size of the lookup key from 2 bytes to 16 bytes by adding a struct net pointer, but the padding bytes within this structure were not properly initialized. This leads to the use of uninitialized memory during rhashtable lookups, as detected by Kernel Memory Sanitizer (KMSAN) warnings. The uninitialized value usage occurs in multiple inline functions related to rhashtable lookups, such as rht_ptr_rcu, __rhashtable_lookup, rhashtable_lookup, and rhashtable_lookup_fast. The vulnerability manifests during the execution of tcf_ct_flow_table_get and related functions in net/sched/act_ct.c, which are involved in managing flow tables for connection tracking in the Linux traffic control subsystem. The issue could cause undefined behavior, including potential memory corruption or information leakage due to the use of uninitialized memory. However, no known exploits are reported in the wild at this time. The vulnerability affects multiple Linux kernel versions identified by specific commit hashes. The flaw is local in nature, requiring code execution within the kernel context, and is tied to network traffic control operations. The absence of a CVSS score indicates that the severity has not been formally assessed yet, but the technical details suggest a moderate risk due to the potential for memory corruption and instability in kernel networking components.
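To make the padding problem concrete, the following is an added user-space C example written for this page (not kernel code and not the upstream patch): it mirrors the zones_ht_key layout, shows that two logically equal keys built on stacks holding different garbage miss an rhashtable-style lookup when key_len covers the padding, and hit when key_len is bounded to the initialised bytes. The stand-in struct net, sample_net, hash_bytes, lookup_hit and the pad[]/offsetof bounding pattern are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

struct net { int id; };                 /* stand-in for the kernel's struct net */
static struct net sample_net = { 1 };   /* constructed sample namespace */
/* Same shape as the page's key: an 8-byte pointer plus a 2-byte zone on
 * LP64, so the compiler appends 6 bytes of padding to reach 16 bytes. */
struct zones_ht_key {
	struct net *net;
	uint16_t zone;
	uint8_t pad[];   /* flexible array member: marks where padding begins */
};
/* Bound key_len to the bytes the code actually writes (assumed mitigation
 * pattern, not quoted from the upstream patch). */
#define ZONES_KEY_LEN offsetof(struct zones_ht_key, pad)

/* FNV-1a over a byte range, standing in for rhashtable's hash function. */
static uint32_t hash_bytes(const void *p, size_t len) {
	const uint8_t *b = p;
	uint32_t h = 2166136261u;
	for (size_t i = 0; i < len; i++) { h ^= b[i]; h *= 16777619u; }
	return h;
}
/* Fill the object with `stale` first to model a reused stack slot, then
 * set only the two fields that the kernel code initialises. */
static void make_key(struct zones_ht_key *k, uint8_t stale, uint16_t zone) {
	memset(k, stale, sizeof(*k));
	k->net = &sample_net;
	k->zone = zone;
}
/* Model of an rhashtable hit: bucket hash and key compare over key_len. */
static int lookup_hit(const struct zones_ht_key *a,
		      const struct zones_ht_key *b, size_t key_len) {
	return hash_bytes(a, key_len) == hash_bytes(b, key_len) &&
	       memcmp(a, b, key_len) == 0;
}
/* Two logically equal keys built on stacks holding different garbage.
 * Returns 1 if the lookup misses, i.e. padding bytes decided the result. */
int padding_breaks_lookup(size_t key_len) {
	struct zones_ht_key stored, probe;
	make_key(&stored, 0x00, 7);
	make_key(&probe, 0xAA, 7);
	return !lookup_hit(&stored, &probe, key_len);
}
int main(void) {
	printf("miss, key_len=sizeof: %d\n", padding_breaks_lookup(sizeof(struct zones_ht_key)));
	printf("miss, key_len=offsetof(pad): %d\n", padding_breaks_lookup(ZONES_KEY_LEN));
}
```

Zeroing the whole object with memset before filling the fields is the other common way to make the padding deterministic; bounding key_len additionally stops the hash from reading bytes the code never wrote.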

Potential Impact

For European organizations, this vulnerability could impact any systems running affected Linux kernel versions, particularly those utilizing advanced network traffic control features such as connection tracking in high-performance or security-sensitive environments (e.g., data centers, ISPs, cloud providers, and enterprises with complex network policies). The flaw could lead to kernel instability, crashes, or potentially exploitable conditions that might allow privilege escalation or information disclosure if combined with other vulnerabilities. This is especially critical for organizations relying on Linux-based infrastructure for critical services, including telecommunications, financial services, and government networks. Disruptions or compromises in these environments could lead to service outages, data breaches, or compliance violations under regulations such as GDPR. Although no active exploits are known, the presence of uninitialized memory usage in kernel code is a common vector for subtle security issues, warranting prompt attention.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel to versions where this vulnerability is patched once official fixes are released. Until patches are available, organizations should:

1) Limit the use of advanced traffic control features related to connection tracking (act_ct) if feasible, to reduce exposure.
2) Employ kernel hardening techniques such as Kernel Address Sanitizer (KASAN) or Kernel Memory Sanitizer (KMSAN) in testing environments to detect similar issues proactively.
3) Monitor kernel logs for unusual KMSAN warnings or kernel errors related to rhashtable lookups or traffic control modules.
4) Restrict local access to systems running vulnerable kernels to trusted users only, minimizing the risk of local exploitation.
5) Implement strict network segmentation and firewall rules to limit the ability of attackers to trigger vulnerable code paths remotely via crafted network traffic.
6) Engage with Linux distribution vendors for timely updates and advisories.
7) Conduct thorough regression testing after kernel upgrades to ensure stability of network functions.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-07-30T07:40:12.260Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9820c4522896dcbdcce2

Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 6/27/2025, 8:43:05 PM

Last updated: 8/6/2025, 12:53:43 AM
