| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Fix KMSAN warning in decode_getfattr_attrs()\n\nFix the following KMSAN warning:\n\nCPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B\nTainted: [B]=BAD_PAGE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009)\n=====================================================\n=====================================================\nBUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_generic+0x806/0xb00\n nfs4_xdr_dec_getattr+0x1de/0x240\n rpcauth_unwrap_resp_decode+0xab/0x100\n rpcauth_unwrap_resp+0x95/0xc0\n call_decode+0x4ff/0xb50\n __rpc_execute+0x57b/0x19d0\n rpc_execute+0x368/0x5e0\n rpc_run_task+0xcfe/0xee0\n nfs4_proc_getattr+0x5b5/0x990\n __nfs_revalidate_inode+0x477/0xd00\n nfs_access_get_cached+0x1021/0x1cc0\n nfs_do_access+0x9f/0xae0\n nfs_permission+0x1e4/0x8c0\n inode_permission+0x356/0x6c0\n link_path_walk+0x958/0x1330\n path_lookupat+0xce/0x6b0\n filename_lookup+0x23e/0x770\n vfs_statx+0xe7/0x970\n vfs_fstatat+0x1f2/0x2c0\n __se_sys_newfstatat+0x67/0x880\n __x64_sys_newfstatat+0xbd/0x120\n x64_sys_call+0x1826/0x3cf0\n do_syscall_64+0xd0/0x1b0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe KMSAN warning is triggered in decode_getfattr_attrs(), when calling\ndecode_attr_mdsthreshold(). It appears that fattr->mdsthreshold is not\ninitialized.\n\nFix the issue by initializing fattr->mdsthreshold to NULL in\nnfs_fattr_init()." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "fs/nfs/inode.c" |
| ], |
| "versions": [ |
| { |
| "version": "88034c3d88c2c48b215f2cc5eb22e564aa817f9c", |
| "lessThan": "25ffd294fef81a7f3cd9528adf21560c04d98747", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "88034c3d88c2c48b215f2cc5eb22e564aa817f9c", |
| "lessThan": "bbfcd261cc068fe1cd02a4e871275074a0daa4e2", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "88034c3d88c2c48b215f2cc5eb22e564aa817f9c", |
| "lessThan": "8fc5ea9231af9122d227c9c13f5e578fca48d2e3", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "88034c3d88c2c48b215f2cc5eb22e564aa817f9c", |
| "lessThan": "9b453e8b108a5a93a6e348cf2ba4c9c138314a00", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "88034c3d88c2c48b215f2cc5eb22e564aa817f9c", |
| "lessThan": "f6b2b2b981af8e7d7c62d34143acefa4e1edfe8b", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "88034c3d88c2c48b215f2cc5eb22e564aa817f9c", |
| "lessThan": "f749cb60a01f8391c760a1d6ecd938cadacf9549", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "88034c3d88c2c48b215f2cc5eb22e564aa817f9c", |
| "lessThan": "9be0a21ae52b3b822d0eec4d14e909ab394f8a92", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "88034c3d88c2c48b215f2cc5eb22e564aa817f9c", |
| "lessThan": "dc270d7159699ad6d11decadfce9633f0f71c1db", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "fs/nfs/inode.c" |
| ], |
| "versions": [ |
| { |
| "version": "3.5", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "3.5", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.19.324", |
| "lessThanOrEqual": "4.19.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.286", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.230", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.172", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.117", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.61", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.11.8", |
| "lessThanOrEqual": "6.11.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.12", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.5", |
| "versionEndExcluding": "4.19.324" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.5", |
| "versionEndExcluding": "5.4.286" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.5", |
| "versionEndExcluding": "5.10.230" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.5", |
| "versionEndExcluding": "5.15.172" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.5", |
| "versionEndExcluding": "6.1.117" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.5", |
| "versionEndExcluding": "6.6.61" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.5", |
| "versionEndExcluding": "6.11.8" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.5", |
| "versionEndExcluding": "6.12" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/25ffd294fef81a7f3cd9528adf21560c04d98747" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/bbfcd261cc068fe1cd02a4e871275074a0daa4e2" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/8fc5ea9231af9122d227c9c13f5e578fca48d2e3" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/9b453e8b108a5a93a6e348cf2ba4c9c138314a00" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/f6b2b2b981af8e7d7c62d34143acefa4e1edfe8b" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/f749cb60a01f8391c760a1d6ecd938cadacf9549" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/9be0a21ae52b3b822d0eec4d14e909ab394f8a92" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/dc270d7159699ad6d11decadfce9633f0f71c1db" |
| } |
| ], |
| "title": "nfs: Fix KMSAN warning in decode_getfattr_attrs()", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2024-53066", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
