Executive Summary

Informations
Name CVE-2024-53066 First vendor Publication 2024-11-19
Vendor Cve Last vendor Modification 2024-11-25

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

nfs: Fix KMSAN warning in decode_getfattr_attrs()

Fix the following KMSAN warning:

CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) ===================================================== ===================================================== BUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90
decode_getfattr_attrs+0x2d6d/0x2f90
decode_getfattr_generic+0x806/0xb00
nfs4_xdr_dec_getattr+0x1de/0x240
rpcauth_unwrap_resp_decode+0xab/0x100
rpcauth_unwrap_resp+0x95/0xc0
call_decode+0x4ff/0xb50
__rpc_execute+0x57b/0x19d0
rpc_execute+0x368/0x5e0
rpc_run_task+0xcfe/0xee0
nfs4_proc_getattr+0x5b5/0x990
__nfs_revalidate_inode+0x477/0xd00
nfs_access_get_cached+0x1021/0x1cc0
nfs_do_access+0x9f/0xae0
nfs_permission+0x1e4/0x8c0
inode_permission+0x356/0x6c0
link_path_walk+0x958/0x1330
path_lookupat+0xce/0x6b0
filename_lookup+0x23e/0x770
vfs_statx+0xe7/0x970
vfs_fstatat+0x1f2/0x2c0
__se_sys_newfstatat+0x67/0x880
__x64_sys_newfstatat+0xbd/0x120
x64_sys_call+0x1826/0x3cf0
do_syscall_64+0xd0/0x1b0
entry_SYSCALL_64_after_hwframe+0x77/0x7f

The KMSAN warning is triggered in decode_getfattr_attrs(), when calling decode_attr_mdsthreshold(). It appears that fattr->mdsthreshold is not initialized.

Fix the issue by initializing fattr->mdsthreshold to NULL in nfs_fattr_init().

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53066

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3665

Sources (Detail)

https://git.kernel.org/stable/c/25ffd294fef81a7f3cd9528adf21560c04d98747
https://git.kernel.org/stable/c/8fc5ea9231af9122d227c9c13f5e578fca48d2e3
https://git.kernel.org/stable/c/9b453e8b108a5a93a6e348cf2ba4c9c138314a00
https://git.kernel.org/stable/c/9be0a21ae52b3b822d0eec4d14e909ab394f8a92
https://git.kernel.org/stable/c/bbfcd261cc068fe1cd02a4e871275074a0daa4e2
https://git.kernel.org/stable/c/dc270d7159699ad6d11decadfce9633f0f71c1db
https://git.kernel.org/stable/c/f6b2b2b981af8e7d7c62d34143acefa4e1edfe8b
https://git.kernel.org/stable/c/f749cb60a01f8391c760a1d6ecd938cadacf9549
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2025-01-08 03:07:28
  • Multiple Updates
2025-01-07 03:07:01
  • Multiple Updates
2024-12-25 03:05:38
  • Multiple Updates
2024-12-12 03:08:31
  • Multiple Updates
2024-11-26 03:12:24
  • Multiple Updates
2024-11-20 00:20:26
  • Multiple Updates
2024-11-19 21:20:27
  • First insertion