CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
5.1%
In the Linux kernel, the following vulnerability has been resolved:
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak syzbot
identified a kernel information leak vulnerability in
do_sys_name_to_handle() and issued the following report [1]. [1] “BUG:
KMSAN: kernel-infoleak in instrument_copy_to_user
include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in
_copy_to_user+0xbc/0x100 lib/usercopy.c:40 instrument_copy_to_user
include/linux/instrumented.h:114 [inline] _copy_to_user+0xbc/0x100
lib/usercopy.c:40 copy_to_user include/linux/uaccess.h:191 [inline]
do_sys_name_to_handle fs/fhandle.c:73 [inline] __do_sys_name_to_handle_at
fs/fhandle.c:112 [inline] __se_sys_name_to_handle_at+0x949/0xb10
fs/fhandle.c:94 __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94 …
Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
slab_alloc_node mm/slub.c:3478 [inline] __kmem_cache_alloc_node+0x5c9/0x970
mm/slub.c:3517 __do_kmalloc_node mm/slab_common.c:1006 [inline]
__kmalloc+0x121/0x3c0 mm/slab_common.c:1020 kmalloc
include/linux/slab.h:604 [inline] do_sys_name_to_handle fs/fhandle.c:39
[inline] __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]
__se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94
__x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94 … Bytes 18-19 of
20 are uninitialized Memory access of size 20 starts at ffff888128a46380
Data copied to user address 0000000020000240” Per Chuck Lever’s suggestion,
use kzalloc() instead of kmalloc() to solve the problem.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-227.239 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-189.209 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-112.122 | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < 6.8.0-35.35 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1170.183 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1128.138 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1063.69 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < 6.8.0-1009.9 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/3948abaa4e2be938ccdfc289385a27342fb13d43 (6.9-rc1)
git.kernel.org/stable/c/3948abaa4e2be938ccdfc289385a27342fb13d43
git.kernel.org/stable/c/423b6bdf19bbc5e1f7e7461045099917378f7e71
git.kernel.org/stable/c/4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1
git.kernel.org/stable/c/772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b
git.kernel.org/stable/c/bf9ec1b24ab4e94345aa1c60811dd329f069c38b
git.kernel.org/stable/c/c1362eae861db28b1608b9dc23e49634fe87b63b
git.kernel.org/stable/c/cba138f1ef37ec6f961baeab62f312dedc7cf730
git.kernel.org/stable/c/cde76b3af247f615447bcfecf610bb76c3529126
git.kernel.org/stable/c/e6450d5e46a737a008b4885aa223486113bf0ad6
launchpad.net/bugs/cve/CVE-2024-26901
nvd.nist.gov/vuln/detail/CVE-2024-26901
security-tracker.debian.org/tracker/CVE-2024-26901
ubuntu.com/security/notices/USN-6816-1
ubuntu.com/security/notices/USN-6817-1
ubuntu.com/security/notices/USN-6817-2
ubuntu.com/security/notices/USN-6817-3
ubuntu.com/security/notices/USN-6820-1
ubuntu.com/security/notices/USN-6820-2
ubuntu.com/security/notices/USN-6821-1
ubuntu.com/security/notices/USN-6821-2
ubuntu.com/security/notices/USN-6821-3
ubuntu.com/security/notices/USN-6821-4
ubuntu.com/security/notices/USN-6828-1
ubuntu.com/security/notices/USN-6871-1
ubuntu.com/security/notices/USN-6878-1
ubuntu.com/security/notices/USN-6892-1
ubuntu.com/security/notices/USN-6896-1
ubuntu.com/security/notices/USN-6896-2
ubuntu.com/security/notices/USN-6896-3
ubuntu.com/security/notices/USN-6896-4
ubuntu.com/security/notices/USN-6896-5
ubuntu.com/security/notices/USN-6919-1
ubuntu.com/security/notices/USN-6926-1
www.cve.org/CVERecord?id=CVE-2024-26901