CVE-2026-53243
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
rseq: Fix using an uninitialized stack variable in rseq_exit_user_update()
There is an bug in which an uninitialized stack variable is used in rseq_exit_user_update() as reported by syzbot:
BUG: KMSAN: kernel-infoleak in rseq_set_ids_get_csaddr include/linux/rseq_entry.h:502 [inline]
The local variable:
struct rseq_ids ids = {
.cpu_id = task_cpu(t),
.mm_cid = task_mm_cid(t),
.node_id = cpu_to_node(ids.cpu_id),
};
According to the C standard, the evaluation order of expressions in an
initializer list is indeterminately sequenced. The compiler (Clang, in
this KMSAN build) evaluates cpu_to_node(ids.cpu_id) before
ids.cpu_id is initialized with task_cpu(t).
This is fixed by moving the assignment of ids.node_id outside the structure initialization.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d242126fd21ab8f1631fdbc8589e43a9d4229f3b < e12d20a63b61aaf9de4772effccf42cc9a003e58 | affected |
| Linux | Linux | 82f572449cfe75f12ea985986da60e11f308f77d < 6d99479799c69c3cb588fcda19c81d8f61d64ecd | affected |
| Linux | Linux | 7.0.10 < 7.0.13 | affected |
Weaknesses
References
- https://git.kernel.org/stable/c/e12d20a63b61aaf9de4772effccf42cc9a003e58
- https://git.kernel.org/stable/c/6d99479799c69c3cb588fcda19c81d8f61d64ecd
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.