CVE-2024-41079

Summary

In the Linux kernel, the following vulnerability has been resolved:

nvmet: always initialize cqe.result

The spec doesn't mandate that the first two double words (aka results) for the command queue entry need to be set to 0 when they are not used (not specified). Though, the target implemention returns 0 for TCP and FC but not for RDMA.

Let's make RDMA behave the same and thus explicitly initializing the result field. This prevents leaking any data from the stack.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa07b4970f464f13640e28e16dad6cfa33647cc99 < c6a2cf8b0764f3ba7d9bff58c8775a6d4476bb29affected
LinuxLinuxa07b4970f464f13640e28e16dad6cfa33647cc99 < 30d35b24b7957922f81cfdaa66f2e1b1e9b9aed2affected
LinuxLinuxa07b4970f464f13640e28e16dad6cfa33647cc99 < 10967873b80742261527a071954be8b54f0f8e4daffected
LinuxLinuxa07b4970f464f13640e28e16dad6cfa33647cc99 < 0990e8a863645496b9e3f91cfcfd63cd95c80319affected
LinuxLinuxa07b4970f464f13640e28e16dad6cfa33647cc99 < cd0c1b8e045a8d2785342b385cb2684d9b48e426affected
LinuxLinux4.8affected
LinuxLinux0 < 4.8unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.101 <= 6.1.*unaffected
LinuxLinux6.6.42 <= 6.6.*unaffected
LinuxLinux6.9.11 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References