CVE-2024-39301
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-39301
CVE Details
| Release Date: | 2024-06-25 |
Description
In the Linux kernel, the following vulnerability has been resolved:\nnet/9p: fix uninit-value in p9_client_rpc()\nSyzbot with the help of KMSAN reported the following error:\nBUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline]\nBUG: KMSAN: uninit-value in p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\ntrace_9p_client_res include/trace/events/9p.h:146 [inline]\np9_client_rpc+0x1314/0x1340 net/9p/client.c:754\np9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\nv9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\nv9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\nlegacy_get_tree+0x114/0x290 fs/fs_context.c:662\nvfs_get_tree+0xa7/0x570 fs/super.c:1797\ndo_new_mount+0x71f/0x15e0 fs/namespace.c:3352\npath_mount+0x742/0x1f20 fs/namespace.c:3679\ndo_mount fs/namespace.c:3692 [inline]\n__do_sys_mount fs/namespace.c:3898 [inline]\n__se_sys_mount+0x725/0x810 fs/namespace.c:3875\n__x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\ndo_syscall_64+0xd5/0x1f0\nentry_SYSCALL_64_after_hwframe+0x6d/0x75\nUninit was created at:\n__alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598\n__alloc_pages_node include/linux/gfp.h:238 [inline]\nalloc_pages_node include/linux/gfp.h:261 [inline]\nalloc_slab_page mm/slub.c:2175 [inline]\nallocate_slab mm/slub.c:2338 [inline]\nnew_slab+0x2de/0x1400 mm/slub.c:2391\n___slab_alloc+0x1184/0x33d0 mm/slub.c:3525\n__slab_alloc mm/slub.c:3610 [inline]\n__slab_alloc_node mm/slub.c:3663 [inline]\nslab_alloc_node mm/slub.c:3835 [inline]\nkmem_cache_alloc+0x6d3/0xbe0 mm/slub.c:3852\np9_tag_alloc net/9p/client.c:278 [inline]\np9_client_prepare_req+0x20a/0x1770 net/9p/client.c:641\np9_client_rpc+0x27e/0x1340 net/9p/client.c:688\np9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\nv9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\nv9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\nlegacy_get_tree+0x114/0x290 fs/fs_context.c:662\nvfs_get_tree+0xa7/0x570 fs/super.c:1797\ndo_new_mount+0x71f/0x15e0 fs/namespace.c:3352\npath_mount+0x742/0x1f20 fs/namespace.c:3679\ndo_mount fs/namespace.c:3692 [inline]\n__do_sys_mount fs/namespace.c:3898 [inline]\n__se_sys_mount+0x725/0x810 fs/namespace.c:3875\n__x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\ndo_syscall_64+0xd5/0x1f0\nentry_SYSCALL_64_after_hwframe+0x6d/0x75\nIf p9_check_errors() fails early in p9_client_rpc(), req->rc.tag\nwill not be properly initialized. However, trace_9p_client_res()\nends up trying to print it out anyway before p9_client_rpc()\nfinishes.\nFix this issue by assigning default values to p9_fcall fields\nsuch as 'tag' and (just in case KMSAN unearths something new) 'id'\nduring the tag allocation stage.
See more information about CVE-2024-39301 from MITRE CVE dictionary and NIST NVD
CVSS Scoring
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
| Base Score: | 5.5 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector: | Local network | Attack Complexity: | Low |
| Privileges Required: | Low | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | None |
| Integrity Impact: | None | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 7 (kernel-uek) | ELSA-2024-12581 | 2024-08-12 |
| Oracle Linux version 7 (kernel-uek) | ELSA-2024-12611 | 2024-09-11 |
| Oracle Linux version 7 (kernel-uek-container) | ELSA-2024-12585 | 2024-08-12 |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12581 | 2024-08-12 |
| Oracle Linux version 8 (kernel-uek-container) | ELSA-2024-12584 | 2024-08-12 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
