In the Linux kernel, the following vulnerability has been resolved:
bpf: Take return from setmemoryrox() into account with bpfjitbinarylockro()
setmemoryrox() can fail, leaving memory unprotected.
Check return and bail out when bpfjitbinarylockro() returns an error.
{ "vanir_signatures": [ { "id": "CVE-2024-42067-11ca9cbd", "signature_type": "Line", "target": { "file": "arch/mips/net/bpf_jit_comp.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "threshold": 0.9, "line_hashes": [ "83376793719433049029731707340599699212", "72953883553594689866623815385902925562", "258689386759508436957408653766682709764", "53197440562068327949342683082911921266" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-1d75c83c", "signature_type": "Function", "target": { "file": "arch/arm/net/bpf_jit_32.c", "function": "bpf_int_jit_compile" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "function_hash": "196910984761576439886962334860322477469", "length": 2001.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-42685fee", "signature_type": "Function", "target": { "file": "arch/s390/net/bpf_jit_comp.c", "function": "bpf_int_jit_compile" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "function_hash": "329003818319539069329572055650572680166", "length": 1784.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-4462df59", "signature_type": "Function", "target": { "file": "arch/mips/net/bpf_jit_comp.c", "function": "bpf_int_jit_compile" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "function_hash": "91910279617274270917815751353875204200", "length": 1847.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-479fba2c", "signature_type": "Line", "target": { "file": "arch/mips/net/bpf_jit_comp.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "threshold": 0.9, "line_hashes": [ "83376793719433049029731707340599699212", "72953883553594689866623815385902925562", "258689386759508436957408653766682709764", "53197440562068327949342683082911921266" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-50ba363a", "signature_type": "Function", "target": { "file": "arch/parisc/net/bpf_jit_core.c", "function": "bpf_int_jit_compile" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "function_hash": "144945376792422744239655166364007256061", "length": 2909.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-5f0c8abe", "signature_type": "Function", "target": { "file": "include/linux/filter.h", "function": "bpf_jit_binary_lock_ro" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "function_hash": "224940432646811467758521920469082040934", "length": 141.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-667ab2f2", "signature_type": "Line", "target": { "file": "include/linux/filter.h" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "threshold": 0.9, "line_hashes": [ "257175858708394650653309792892392752566", "126067446876319694523666487979946178188", "28609371350227462378350831678304542167", "129787458737502677663328771614284256025", "201435172421701402285489943763310022841", "337575735187562399027309582067942208683", "210991730094191041813008917865103422568" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-6a16a259", "signature_type": "Line", "target": { "file": "arch/x86/net/bpf_jit_comp32.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "threshold": 0.9, "line_hashes": [ "186070310538543072413410649358736819321", "152775215366021002863461397078602187343", "281620959286843827623717823676201672745", "79667395080671060903053120491628437920", "98469544974264599469454106886512790924" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-704eb421", "signature_type": "Function", "target": { "file": "arch/parisc/net/bpf_jit_core.c", "function": "bpf_int_jit_compile" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "function_hash": "144945376792422744239655166364007256061", "length": 2909.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-7180eddc", "signature_type": "Function", "target": { "file": "arch/s390/net/bpf_jit_comp.c", "function": "bpf_int_jit_compile" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "function_hash": "26009330636640040962166486618429033241", "length": 1855.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-7350a468", "signature_type": "Line", "target": { "file": "arch/parisc/net/bpf_jit_core.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "threshold": 0.9, "line_hashes": [ "305134508389343542639706945937864026164", "268964440725382827456002051077649789251", "256527734205240039419051238829665281359", "13316817881887094593438720914227661147" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-83dc3992", "signature_type": "Function", "target": { "file": "arch/arm/net/bpf_jit_32.c", "function": "bpf_int_jit_compile" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "function_hash": "196910984761576439886962334860322477469", "length": 2001.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-84013dd4", "signature_type": "Function", "target": { "file": "arch/x86/net/bpf_jit_comp32.c", "function": "bpf_int_jit_compile" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "function_hash": "27804116744337442651300809903353805310", "length": 1424.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-89267c52", "signature_type": "Line", "target": { "file": "arch/sparc/net/bpf_jit_comp_64.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "threshold": 0.9, "line_hashes": [ "11029141618254440231202531981330748971", "173762467375224897658475031396718885525", "104401260781636795326009714547815196930", "312388726766907011473797629718823745658" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-9175e478", "signature_type": "Line", "target": { "file": "arch/parisc/net/bpf_jit_core.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "threshold": 0.9, "line_hashes": [ "305134508389343542639706945937864026164", "268964440725382827456002051077649789251", "256527734205240039419051238829665281359", "13316817881887094593438720914227661147" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-93a41b80", "signature_type": "Line", "target": { "file": "arch/s390/net/bpf_jit_comp.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "threshold": 0.9, "line_hashes": [ "166269403243396828463432648124953533480", "184585807131498798836403983209570048530", "24145022664626832397064546589832837089", "320629868649436814725722041030121858073" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-9a9cbe9d", "signature_type": "Line", "target": { "file": "arch/arm/net/bpf_jit_32.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "threshold": 0.9, "line_hashes": [ "290829478103464522121577328739876294197", "38970204844536337264860767424237476631", "336736446749143110326346982841571654810", "277583805231545066980279852003789582559", "94215904088836036580907461181120439123", "145901844682386672095289563450280646320", "253054318355956576676448324593167126801", "48873556482110583963608444226189391287", "296152923732149629136425494074254446897", "67890132325855518374752333498415063818", "18429756852288725983184214798266489029", "94215904088836036580907461181120439123", "145901844682386672095289563450280646320", "201341982661627017187110043934231736593", "280974957197126589906559636777299879593", "35564762994301722281303188617515308515", "316203980955968603503664199324540693716", "96817792302966494541224708579936098558", "95130462305477988945532819308145473884", "321837094732297339885301615327616693370", "25462488094263002573025496398370652712", "16441132528452850563283853310114304024" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-9bcf7fd4", "signature_type": "Line", "target": { "file": "arch/s390/net/bpf_jit_comp.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "threshold": 0.9, "line_hashes": [ "166269403243396828463432648124953533480", "184585807131498798836403983209570048530", "24145022664626832397064546589832837089", "320629868649436814725722041030121858073" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-a4e684d5", "signature_type": "Line", "target": { "file": "arch/x86/net/bpf_jit_comp32.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "threshold": 0.9, "line_hashes": [ "186070310538543072413410649358736819321", "152775215366021002863461397078602187343", "281620959286843827623717823676201672745", "79667395080671060903053120491628437920", "98469544974264599469454106886512790924" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-a686bd00", "signature_type": "Function", "target": { "file": "include/linux/filter.h", "function": "bpf_jit_binary_lock_ro" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "function_hash": "224940432646811467758521920469082040934", "length": 141.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-ab12b7c3", "signature_type": "Function", "target": { "file": "arch/mips/net/bpf_jit_comp.c", "function": "bpf_int_jit_compile" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "function_hash": "91910279617274270917815751353875204200", "length": 1847.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-ac183df0", "signature_type": "Line", "target": { "file": "arch/arm/net/bpf_jit_32.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "threshold": 0.9, "line_hashes": [ "290829478103464522121577328739876294197", "38970204844536337264860767424237476631", "336736446749143110326346982841571654810", "277583805231545066980279852003789582559", "94215904088836036580907461181120439123", "145901844682386672095289563450280646320", "253054318355956576676448324593167126801", "48873556482110583963608444226189391287", "296152923732149629136425494074254446897", "67890132325855518374752333498415063818", "18429756852288725983184214798266489029", "94215904088836036580907461181120439123", "145901844682386672095289563450280646320", "201341982661627017187110043934231736593", "280974957197126589906559636777299879593", "35564762994301722281303188617515308515", "316203980955968603503664199324540693716", "96817792302966494541224708579936098558", "95130462305477988945532819308145473884", "321837094732297339885301615327616693370", "25462488094263002573025496398370652712", "16441132528452850563283853310114304024" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-affa392a", "signature_type": "Function", "target": { "file": "arch/loongarch/net/bpf_jit.c", "function": "bpf_int_jit_compile" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "function_hash": "193712342559257359843992318915822879756", "length": 2597.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-b09a882f", "signature_type": "Line", "target": { "file": "arch/loongarch/net/bpf_jit.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "threshold": 0.9, "line_hashes": [ "181843700492791408578365907244870091344", "224951319564634543874529017440380449148", "270755240175944915935675254231484061347", "176399979934602403885521844063817639511", "116772399893967903718480681660256749270", "121114976255843523860835730360725938109", "123954687909413928608297015456111559865", "313874973564506528292531275094547474527", "228184419900788711032812627515545017445", "34131095620066653990195702669986987859", "162417520173265787148982664182138223045", "112959541961379808482776456387074483028", "118160156969158150663512531681282972992", "312388726766907011473797629718823745658", "303066529738926562258864311132943755254", "179898912002883231807499566968567407725", "198188337431661858583372518290295875411", "332556181506402440673540596805288411341" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-bd2aaf7a", "signature_type": "Line", "target": { "file": "arch/loongarch/net/bpf_jit.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "threshold": 0.9, "line_hashes": [ "181843700492791408578365907244870091344", "224951319564634543874529017440380449148", "270755240175944915935675254231484061347", "176399979934602403885521844063817639511", "116772399893967903718480681660256749270", "121114976255843523860835730360725938109", "123954687909413928608297015456111559865", "313874973564506528292531275094547474527", "228184419900788711032812627515545017445", "34131095620066653990195702669986987859", "162417520173265787148982664182138223045", "112959541961379808482776456387074483028", "118160156969158150663512531681282972992", "312388726766907011473797629718823745658", "303066529738926562258864311132943755254", "179898912002883231807499566968567407725", "198188337431661858583372518290295875411", "332556181506402440673540596805288411341" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-cabae40d", "signature_type": "Function", "target": { "file": "arch/x86/net/bpf_jit_comp32.c", "function": "bpf_int_jit_compile" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "function_hash": "27804116744337442651300809903353805310", "length": 1424.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-cf3a7a57", "signature_type": "Line", "target": { "file": "include/linux/filter.h" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "threshold": 0.9, "line_hashes": [ "257175858708394650653309792892392752566", "126067446876319694523666487979946178188", "28609371350227462378350831678304542167", "129787458737502677663328771614284256025", "201435172421701402285489943763310022841", "337575735187562399027309582067942208683", "210991730094191041813008917865103422568" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-dc76d184", "signature_type": "Function", "target": { "file": "arch/sparc/net/bpf_jit_comp_64.c", "function": "bpf_int_jit_compile" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "function_hash": "101389754069407153570853201911203880325", "length": 2649.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-dfef25cf", "signature_type": "Function", "target": { "file": "arch/sparc/net/bpf_jit_comp_64.c", "function": "bpf_int_jit_compile" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "function_hash": "101389754069407153570853201911203880325", "length": 2649.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-e27f7cee", "signature_type": "Function", "target": { "file": "arch/loongarch/net/bpf_jit.c", "function": "bpf_int_jit_compile" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", "digest": { "function_hash": "193712342559257359843992318915822879756", "length": 2597.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42067-e916ddc8", "signature_type": "Line", "target": { "file": "arch/sparc/net/bpf_jit_comp_64.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e60adf513275c3a38e5cb67f7fd12387e43a3ff5", "digest": { "threshold": 0.9, "line_hashes": [ "11029141618254440231202531981330748971", "173762467375224897658475031396718885525", "104401260781636795326009714547815196930", "312388726766907011473797629718823745658" ] }, "deprecated": false, "signature_version": "v1" } ] }