CVE-2024-53066

Summary

In the Linux kernel, the following vulnerability has been resolved:

nfs: Fix KMSAN warning in decode_getfattr_attrs()

Fix the following KMSAN warning:

CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)

===================================================== BUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90 decode_getfattr_attrs+0x2d6d/0x2f90 decode_getfattr_generic+0x806/0xb00 nfs4_xdr_dec_getattr+0x1de/0x240 rpcauth_unwrap_resp_decode+0xab/0x100 rpcauth_unwrap_resp+0x95/0xc0 call_decode+0x4ff/0xb50 __rpc_execute+0x57b/0x19d0 rpc_execute+0x368/0x5e0 rpc_run_task+0xcfe/0xee0 nfs4_proc_getattr+0x5b5/0x990 __nfs_revalidate_inode+0x477/0xd00 nfs_access_get_cached+0x1021/0x1cc0 nfs_do_access+0x9f/0xae0 nfs_permission+0x1e4/0x8c0 inode_permission+0x356/0x6c0 link_path_walk+0x958/0x1330 path_lookupat+0xce/0x6b0 filename_lookup+0x23e/0x770 vfs_statx+0xe7/0x970 vfs_fstatat+0x1f2/0x2c0 __se_sys_newfstatat+0x67/0x880 __x64_sys_newfstatat+0xbd/0x120 x64_sys_call+0x1826/0x3cf0 do_syscall_64+0xd0/0x1b0 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The KMSAN warning is triggered in decode_getfattr_attrs(), when calling decode_attr_mdsthreshold(). It appears that fattr->mdsthreshold is not initialized.

Fix the issue by initializing fattr->mdsthreshold to NULL in nfs_fattr_init().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux88034c3d88c2c48b215f2cc5eb22e564aa817f9c < 25ffd294fef81a7f3cd9528adf21560c04d98747affected
LinuxLinux88034c3d88c2c48b215f2cc5eb22e564aa817f9c < bbfcd261cc068fe1cd02a4e871275074a0daa4e2affected
LinuxLinux88034c3d88c2c48b215f2cc5eb22e564aa817f9c < 8fc5ea9231af9122d227c9c13f5e578fca48d2e3affected
LinuxLinux88034c3d88c2c48b215f2cc5eb22e564aa817f9c < 9b453e8b108a5a93a6e348cf2ba4c9c138314a00affected
LinuxLinux88034c3d88c2c48b215f2cc5eb22e564aa817f9c < f6b2b2b981af8e7d7c62d34143acefa4e1edfe8baffected
LinuxLinux88034c3d88c2c48b215f2cc5eb22e564aa817f9c < f749cb60a01f8391c760a1d6ecd938cadacf9549affected
LinuxLinux88034c3d88c2c48b215f2cc5eb22e564aa817f9c < 9be0a21ae52b3b822d0eec4d14e909ab394f8a92affected
LinuxLinux88034c3d88c2c48b215f2cc5eb22e564aa817f9c < dc270d7159699ad6d11decadfce9633f0f71c1dbaffected
LinuxLinux3.5affected
LinuxLinux0 < 3.5unaffected
LinuxLinux4.19.324 <= 4.19.*unaffected
LinuxLinux5.4.286 <= 5.4.*unaffected
LinuxLinux5.10.230 <= 5.10.*unaffected
LinuxLinux5.15.172 <= 5.15.*unaffected
LinuxLinux6.1.117 <= 6.1.*unaffected
LinuxLinux6.6.61 <= 6.6.*unaffected
LinuxLinux6.11.8 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References