cve/published/2024/CVE-2024-43854.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 block: initialize integrity buffer to zero before writing it to media

 Metadata added by bio_integrity_prep is using plain kmalloc, which leads
 to random kernel memory being written media.  For PI metadata this is
 limited to the app tag that isn't used by kernel generated metadata,
 but for non-PI metadata the entire buffer leaks kernel memory.

 Fix this by adding the __GFP_ZERO flag to allocations for writes.

 The Linux kernel CVE team has assigned CVE-2024-43854 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 4.19.322 with commit 9f4af4cf08f9a0329ade3d938f55d2220c40d0a6
 	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 5.4.284 with commit 129f95948a96105c1fad8e612c9097763e88ac5f
 	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 5.10.226 with commit 3fd11fe4f20756b4c0847f755a64cd96f8c6a005
 	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 5.15.165 with commit cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2
 	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 6.1.103 with commit d418313bd8f55c079a7da12651951b489a638ac1
 	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 6.6.44 with commit 23a19655fb56f241e592041156dfb1c6d04da644
 	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 6.10.3 with commit ebc0e91ba76dc6544fff9f5b66408b1982806a00
 	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 6.11 with commit 899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-43854
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	block/bio-integrity.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6
 	https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f
 	https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005
 	https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2
 	https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1
 	https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644
 	https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00
 	https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	block: initialize integrity buffer to zero before writing it to media

	Metadata added by bio_integrity_prep is using plain kmalloc, which leads
	to random kernel memory being written media. For PI metadata this is
	limited to the app tag that isn't used by kernel generated metadata,
	but for non-PI metadata the entire buffer leaks kernel memory.

	Fix this by adding the __GFP_ZERO flag to allocations for writes.

	The Linux kernel CVE team has assigned CVE-2024-43854 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 4.19.322 with commit 9f4af4cf08f9a0329ade3d938f55d2220c40d0a6
	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 5.4.284 with commit 129f95948a96105c1fad8e612c9097763e88ac5f
	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 5.10.226 with commit 3fd11fe4f20756b4c0847f755a64cd96f8c6a005
	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 5.15.165 with commit cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2
	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 6.1.103 with commit d418313bd8f55c079a7da12651951b489a638ac1
	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 6.6.44 with commit 23a19655fb56f241e592041156dfb1c6d04da644
	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 6.10.3 with commit ebc0e91ba76dc6544fff9f5b66408b1982806a00
	Issue introduced in 2.6.27 with commit 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b and fixed in 6.11 with commit 899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-43854
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	block/bio-integrity.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6
	https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f
	https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005
	https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2
	https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1
	https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644
	https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00
	https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f