CVE-2024-42072— bpf: Fix may_goto with negative offset.

AI Predicted 7.8 Difficulty: Hard EPSS 0.02% · P7 Updated May 13, 2026

Affected Version Matrix 6

Vendor	Product	Version Range	Status
Linux	Linux	`011832b97b311bb9e3c27945bc0d1089a14209c9< 175827e04f4be53f3dfb57edf12d0d49b18fd939`	affected
		`011832b97b311bb9e3c27945bc0d1089a14209c9< 2b2efe1937ca9f8815884bd4dcd5b32733025103`	affected
		`6.9`	affected
		`< 6.9`	unaffected
		`6.9.8≤ 6.9.*`	unaffected
		`6.10≤ *`	unaffected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-42072

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

bpf: Fix may_goto with negative offset.

Source: NVD (National Vulnerability Database)

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix may_goto with negative offset. Zac's syzbot crafted a bpf prog that exposed two bugs in may_goto. The 1st bug is the way may_goto is patched. When offset is negative it should be patched differently. The 2nd bug is in the verifier: when current state may_goto_depth is equal to visited state may_goto_depth it means there is an actual infinite loop. It's not correct to prune exploration of the program at this point. Note, that this check doesn't limit the program to only one may_goto insn, since 2nd and any further may_goto will increment may_goto_depth only in the queued state pushed for future exploration. The current state will have may_goto_depth == 0 regardless of number of may_goto insns and the verifier has to explore the program until bpf_exit.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Linux kernel 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞，该漏洞源于在may_goto的补丁方式存在问题，当偏移量为负时，应该以不同的方式进行补丁。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Linux	Linux	011832b97b311bb9e3c27945bc0d1089a14209c9 ~ 175827e04f4be53f3dfb57edf12d0d49b18fd939	-
Linux	Linux	6.9	-

II. Public POCs for CVE-2024-42072

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-42072

请登录查看更多情报信息。

Other References for CVE-2024-42072 (2)

https://nvd.nist.gov/vuln/detail/CVE-2024-42072

Same Patch Batch · Linux · 2024-07-29 · 121 CVEs total

CVE-2024-41088		can: mcp251xfd: fix infinite loop when xmit fails
CVE-2024-42067		bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()
CVE-2024-42066		drm/xe: Fix potential integer overflow in page size calculation
CVE-2024-42065		drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
CVE-2024-42063		bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
CVE-2024-42064		drm/amd/display: Skip pipe if the pipe idx not set properly
CVE-2023-52887		net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_s
CVE-2024-41098		ata: libata-core: Fix null pointer dereference on error
CVE-2024-41097		usb: atm: cxacru: fix endpoint checking in cxacru_bind()
CVE-2024-41096		PCI/MSI: Fix UAF in msi_capability_init
CVE-2024-41095		drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
CVE-2024-41094		drm/fbdev-dma: Only set smem_start is enable per module option
CVE-2024-41093		drm/amdgpu: avoid using null object of framebuffer
CVE-2024-41092		drm/i915/gt: Fix potential UAF by revoke of fence registers
CVE-2024-41089		drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
CVE-2024-41077		null_blk: fix validation of block size
CVE-2024-41080		io_uring: fix possible deadlock in io_register_iowq_max_workers()
CVE-2024-41079		nvmet: always initialize cqe.result
CVE-2024-41078		btrfs: qgroup: fix quota root leak after quota disable failure
CVE-2024-41075		cachefiles: add consistency check for copen/cread

Showing top 20 of 121 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux

Same vendor: Linux

V. Comments for CVE-2024-42072

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-42072— bpf: Fix may_goto with negative offset.

Affected Version Matrix 6

I. Basic Information for CVE-2024-42072

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-42072

III. Intelligence Information for CVE-2024-42072

Other References for CVE-2024-42072 (2)

Same Patch Batch · Linux · 2024-07-29 · 121 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-42072

Leave a comment