CVE-2024-42068

low-risk

Published 2024-07-29

In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() set_memory_ro() can fail, leaving memory unprotected. Check its return and take it into account as an error.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (11)

Patch https://git.kernel.org/stable/c/05412471beba313ecded95aa17b25fe84bb2551a

Patch https://git.kernel.org/stable/c/7d2cc63eca0c993c99d18893214abf8f85d566d8

Patch https://git.kernel.org/stable/c/a359696856ca9409fb97655c5a8ef0f549cb6e03

Patch https://git.kernel.org/stable/c/e4f602e3ff749ba770bf8ff10196e18358de6720

Patch https://git.kernel.org/stable/c/05412471beba313ecded95aa17b25fe84bb2551a

Patch https://git.kernel.org/stable/c/7d2cc63eca0c993c99d18893214abf8f85d566d8

Patch https://git.kernel.org/stable/c/a359696856ca9409fb97655c5a8ef0f549cb6e03

Patch https://git.kernel.org/stable/c/e3540e5a7054d6daaf9a1415a48aacb092112a89

Patch https://git.kernel.org/stable/c/e4f602e3ff749ba770bf8ff10196e18358de6720

Patch https://git.kernel.org/stable/c/fdd411af8178edc6b7bf260f8fa4fba1bedd0a6d

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal