CVE-2024-42311

CVE Details

Release Date: 2024-08-17

Description


In the Linux kernel, the following vulnerability has been resolved:

hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()

Syzbot reports uninitialized value access issue as below:

loop0: detected capacity change from 0 to 64
=====================================================
BUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30
hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30
d_revalidate fs/namei.c:862 [inline]
lookup_fast+0x89e/0x8e0 fs/namei.c:1649
walk_component fs/namei.c:2001 [inline]
link_path_walk+0x817/0x1480 fs/namei.c:2332
path_lookupat+0xd9/0x6f0 fs/namei.c:2485
filename_lookup+0x22e/0x740 fs/namei.c:2515
user_path_at_empty+0x8b/0x390 fs/namei.c:2924
user_path_at include/linux/namei.h:57 [inline]
do_mount fs/namespace.c:3689 [inline]
__do_sys_mount fs/namespace.c:3898 [inline]
__se_sys_mount+0x66b/0x810 fs/namespace.c:3875
__x64_sys_mount+0xe4/0x140 fs/namespace.c:3875
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b

BUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]
BUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366
hfs_ext_read_extent fs/hfs/extent.c:196 [inline]
hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366
block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271
hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39
filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426
do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553
do_read_cache_page mm/filemap.c:3595 [inline]
read_cache_page+0xfb/0x2f0 mm/filemap.c:3604
read_mapping_page include/linux/pagemap.h:755 [inline]
hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78
hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204
hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406
mount_bdev+0x628/0x920 fs/super.c:1359
hfs_mount+0xcd/0xe0 fs/hfs/super.c:456
legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610
vfs_get_tree+0xdc/0x5d0 fs/super.c:1489
do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145
path_mount+0xf98/0x26a0 fs/namespace.c:3475
do_mount fs/namespace.c:3488 [inline]
__do_sys_mount fs/namespace.c:3697 [inline]
__se_sys_mount+0x919/0x9e0 fs/namespace.c:3674
__ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203
do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246
entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was created at:
__alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590
__alloc_pages_node include/linux/gfp.h:238 [inline]
alloc_pages_node include/linux/gfp.h:261 [inline]
alloc_slab_page mm/slub.c:2190 [inline]
allocate_slab mm/slub.c:2354 [inline]
new_slab+0x2d7/0x1400 mm/slub.c:2407
___slab_alloc+0x16b5/0x3970 mm/slub.c:3540
__slab_alloc mm/slub.c:3625 [inline]
__slab_alloc_node mm/slub.c:3678 [inline]
slab_alloc_node mm/slub.c:3850 [inline]
kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879
alloc_inode_sb include/linux/fs.h:3018 [inline]
hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165
alloc_inode+0x83/0x440 fs/inode.c:260
new_inode_pseudo fs/inode.c:1005 [inline]
new_inode+0x38/0x4f0 fs/inode.c:1031
hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186
hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228
vfs_mkdir+0x49a/0x700 fs/namei.c:4126
do_mkdirat+0x529/0x810 fs/namei.c:4149
__do_sys_mkdirat fs/namei.c:4164 [inline]
__se_sys_mkdirat fs/namei.c:4162 [inline]
__x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b

It missed to initialize .tz_secondswest, .cached_start and .cached_blocks fields in struct hfs_inode_info after hfs_alloc_inode(), fix it.
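The bug class described above, as an added user-space model (not the kernel's code and not the upstream patch): an object handed out by a cache without zeroing keeps whatever bytes its previous user left, so any field the creation path does not set is read back as leftover data. The struct layout, field types and all model_* / new_inode_* / stale_fields names are assumptions for illustration; only the three field names come from the description.

```c
#include <stdio.h>
#include <string.h>

/* User-space model: field names follow the advisory, types are assumed. */
struct model_inode_info {
    unsigned int   flags;          /* set by both variants */
    int            tz_secondswest;
    unsigned short cached_start;
    unsigned short cached_blocks;
};

/* One-slot cache: alloc returns the slot as-is, with no zeroing. */
static struct model_inode_info slot;
static struct model_inode_info *model_alloc(void) { return &slot; }
/* A released object keeps bytes; 0x6b stands in for the leftovers. */
static void model_free(struct model_inode_info *p) { memset(p, 0x6b, sizeof(*p)); }

/* "Before": only part of the object is set after allocation. */
static struct model_inode_info *new_inode_partial(void)
{
    struct model_inode_info *p = model_alloc();
    p->flags = 0;
    return p;
}

/* "After": every field that is read later gets a defined value. */
static struct model_inode_info *new_inode_full(int tz)
{
    struct model_inode_info *p = new_inode_partial();
    p->tz_secondswest = tz;
    p->cached_start = 0;
    p->cached_blocks = 0;
    return p;
}

/* Recycle the slot once, build an inode, count fields holding leftovers. */
int stale_fields(int fixed)
{
    struct model_inode_info *p;
    model_free(model_alloc());
    p = fixed ? new_inode_full(0) : new_inode_partial();
    return (p->tz_secondswest != 0) + (p->cached_start != 0) + (p->cached_blocks != 0);
}

int main(void)
{
    printf("partial: %d stale, full: %d stale\n", stale_fields(0), stale_fields(1));
    return 0;
}
```

In the model the leftovers are a fixed byte pattern so the result is reproducible; in the kernel the contents are whatever the slab page last held, which is why KMSAN flags the later reads in hfs_revalidate_dentry and hfs_get_block.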

See more information about CVE-2024-42311 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v3 metrics

Base Score: 5.5
Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Errata information


Platform | Errata | Release Date
Oracle Linux version 7 (kernel-uek) | ELSA-2024-12780 | 2024-10-11
Oracle Linux version 7 (kernel-uek) | ELSA-2024-12782 | 2024-10-14
Oracle Linux version 7 (kernel-uek) | ELSA-2024-12868 | 2024-12-06
Oracle Linux version 8 (kernel-uek) | ELSA-2024-12780 | 2024-10-11
Oracle Linux version 8 (kernel-uek) | ELSA-2024-12782 | 2024-10-14
Oracle Linux version 8 (kernel-uek) | ELSA-2024-12815 | 2024-11-11
Oracle Linux version 9 (kernel-uek) | ELSA-2024-12815 | 2024-11-11


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
