csaf_suse - suse-su-2024:4219-1

suse-su-2024:4219-1

Vulnerability from csaf_suse

Published

2024-12-05 21:09

Modified

2024-12-05 21:09

Summary

Security update for the Linux Kernel (Live Patch 58 for SLE 12 SP5)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 58 for SLE 12 SP5)

Description of the patch

This update for the Linux Kernel 4.12.14-122_222 fixes several issues. The following security issues were fixed: - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553). - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1229273). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).

Patchnames

SUSE-2024-4219,SUSE-SLE-Live-Patching-12-SP5-2024-4219

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 58 for SLE 12 SP5)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 4.12.14-122_222 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).\n- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1229273).\n- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2024-4219,SUSE-SLE-Live-Patching-12-SP5-2024-4219",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_4219-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2024:4219-1",
        "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244219-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2024:4219-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019940.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1228573",
        "url": "https://bugzilla.suse.com/1228573"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1229273",
        "url": "https://bugzilla.suse.com/1229273"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1229553",
        "url": "https://bugzilla.suse.com/1229553"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-35949 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-35949/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-41059 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-41059/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-43861 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-43861/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 58 for SLE 12 SP5)",
    "tracking": {
      "current_release_date": "2024-12-05T21:09:17Z",
      "generator": {
        "date": "2024-12-05T21:09:17Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2024:4219-1",
      "initial_release_date": "2024-12-05T21:09:17Z",
      "revision_history": [
        {
          "date": "2024-12-05T21:09:17Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_12_14-122_222-default-3-8.6.1.ppc64le",
                "product": {
                  "name": "kgraft-patch-4_12_14-122_222-default-3-8.6.1.ppc64le",
                  "product_id": "kgraft-patch-4_12_14-122_222-default-3-8.6.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_12_14-122_222-default-3-8.6.1.s390x",
                "product": {
                  "name": "kgraft-patch-4_12_14-122_222-default-3-8.6.1.s390x",
                  "product_id": "kgraft-patch-4_12_14-122_222-default-3-8.6.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_12_14-122_222-default-3-8.6.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_12_14-122_222-default-3-8.6.1.x86_64",
                  "product_id": "kgraft-patch-4_12_14-122_222-default-3-8.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP5",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_12_14-122_222-default-3-8.6.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_12_14-122_222-default-3-8.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_12_14-122_222-default-3-8.6.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.s390x"
        },
        "product_reference": "kgraft-patch-4_12_14-122_222-default-3-8.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_12_14-122_222-default-3-8.6.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_12_14-122_222-default-3-8.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-35949",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-35949"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: make sure that WRITTEN is set on all metadata blocks\n\nWe previously would call btrfs_check_leaf() if we had the check\nintegrity code enabled, which meant that we could only run the extended\nleaf checks if we had WRITTEN set on the header flags.\n\nThis leaves a gap in our checking, because we could end up with\ncorruption on disk where WRITTEN isn\u0027t set on the leaf, and then the\nextended leaf checks don\u0027t get run which we rely on to validate all of\nthe item pointers to make sure we don\u0027t access memory outside of the\nextent buffer.\n\nHowever, since 732fab95abe2 (\"btrfs: check-integrity: remove\nCONFIG_BTRFS_FS_CHECK_INTEGRITY option\") we no longer call\nbtrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only\never call it on blocks that are being written out, and thus have WRITTEN\nset, or that are being read in, which should have WRITTEN set.\n\nAdd checks to make sure we have WRITTEN set appropriately, and then make\nsure __btrfs_check_leaf() always does the item checking.  This will\nprotect us from file systems that have been corrupted and no longer have\nWRITTEN set on some of the blocks.\n\nThis was hit on a crafted image tweaking the WRITTEN bit and reported by\nKASAN as out-of-bound access in the eb accessors. The example is a dir\nitem at the end of an eb.\n\n  [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2\n  [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI\n  [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f]\n  [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1\n  [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n  [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0\n  [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206\n  [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0\n  [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748\n  [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9\n  [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a\n  [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8\n  [2.621] FS:  00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000\n  [2.621] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0\n  [2.621] Call Trace:\n  [2.621]  \u003cTASK\u003e\n  [2.621]  ? show_regs+0x74/0x80\n  [2.621]  ? die_addr+0x46/0xc0\n  [2.621]  ? exc_general_protection+0x161/0x2a0\n  [2.621]  ? asm_exc_general_protection+0x26/0x30\n  [2.621]  ? btrfs_get_16+0x33a/0x6d0\n  [2.621]  ? btrfs_get_16+0x34b/0x6d0\n  [2.621]  ? btrfs_get_16+0x33a/0x6d0\n  [2.621]  ? __pfx_btrfs_get_16+0x10/0x10\n  [2.621]  ? __pfx_mutex_unlock+0x10/0x10\n  [2.621]  btrfs_match_dir_item_name+0x101/0x1a0\n  [2.621]  btrfs_lookup_dir_item+0x1f3/0x280\n  [2.621]  ? __pfx_btrfs_lookup_dir_item+0x10/0x10\n  [2.621]  btrfs_get_tree+0xd25/0x1910\n\n[ copy more details from report ]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.s390x",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-35949",
          "url": "https://www.suse.com/security/cve/CVE-2024-35949"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224700 for CVE-2024-35949",
          "url": "https://bugzilla.suse.com/1224700"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1229273 for CVE-2024-35949",
          "url": "https://bugzilla.suse.com/1229273"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-12-05T21:09:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-35949"
    },
    {
      "cve": "CVE-2024-41059",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-41059"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix uninit-value in copy_name\n\n[syzbot reported]\nBUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160\n sized_strscpy+0xc4/0x160\n copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411\n hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3877 [inline]\n slab_alloc_node mm/slub.c:3918 [inline]\n kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065\n kmalloc include/linux/slab.h:628 [inline]\n hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[Fix]\nWhen allocating memory to strbuf, initialize memory to 0.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.s390x",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-41059",
          "url": "https://www.suse.com/security/cve/CVE-2024-41059"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228561 for CVE-2024-41059",
          "url": "https://bugzilla.suse.com/1228561"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228573 for CVE-2024-41059",
          "url": "https://bugzilla.suse.com/1228573"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-12-05T21:09:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-41059"
    },
    {
      "cve": "CVE-2024-43861",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-43861"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.s390x",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-43861",
          "url": "https://www.suse.com/security/cve/CVE-2024-43861"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1229500 for CVE-2024-43861",
          "url": "https://bugzilla.suse.com/1229500"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1229553 for CVE-2024-43861",
          "url": "https://bugzilla.suse.com/1229553"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-3-8.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-12-05T21:09:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-43861"
    }
  ]
}

CVE-2024-35949 (GCVE-0-2024-35949)

Vulnerability from cvelistv5

Published

2024-05-20 09:17

Modified

2025-05-04 09:09

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if we had WRITTEN set on the header flags. This leaves a gap in our checking, because we could end up with corruption on disk where WRITTEN isn't set on the leaf, and then the extended leaf checks don't get run which we rely on to validate all of the item pointers to make sure we don't access memory outside of the extent buffer. However, since 732fab95abe2 ("btrfs: check-integrity: remove CONFIG_BTRFS_FS_CHECK_INTEGRITY option") we no longer call btrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only ever call it on blocks that are being written out, and thus have WRITTEN set, or that are being read in, which should have WRITTEN set. Add checks to make sure we have WRITTEN set appropriately, and then make sure __btrfs_check_leaf() always does the item checking. This will protect us from file systems that have been corrupted and no longer have WRITTEN set on some of the blocks. This was hit on a crafted image tweaking the WRITTEN bit and reported by KASAN as out-of-bound access in the eb accessors. The example is a dir item at the end of an eb. [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2 [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f] [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1 [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0 [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206 [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0 [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748 [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9 [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8 [2.621] FS: 00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000 [2.621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0 [2.621] Call Trace: [2.621] <TASK> [2.621] ? show_regs+0x74/0x80 [2.621] ? die_addr+0x46/0xc0 [2.621] ? exc_general_protection+0x161/0x2a0 [2.621] ? asm_exc_general_protection+0x26/0x30 [2.621] ? btrfs_get_16+0x33a/0x6d0 [2.621] ? btrfs_get_16+0x34b/0x6d0 [2.621] ? btrfs_get_16+0x33a/0x6d0 [2.621] ? __pfx_btrfs_get_16+0x10/0x10 [2.621] ? __pfx_mutex_unlock+0x10/0x10 [2.621] btrfs_match_dir_item_name+0x101/0x1a0 [2.621] btrfs_lookup_dir_item+0x1f3/0x280 [2.621] ? __pfx_btrfs_lookup_dir_item+0x10/0x10 [2.621] btrfs_get_tree+0xd25/0x1910 [ copy more details from report ]

References

►

URL

Tags

	https://git.kernel.org/stable/c/9dff3e36ea89e8003516841c27c45af562b6ef44
	https://git.kernel.org/stable/c/ef3ba8ce8cf7075b716aa4afcefc3034215878ee
	https://git.kernel.org/stable/c/e03418abde871314e1a3a550f4c8afb7b89cb273

Impacted products

Vendor

Product

Version

►

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35949",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:38:20.543684Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:40:35.661Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ef3ba8ce8cf7075b716aa4afcefc3034215878ee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e03418abde871314e1a3a550f4c8afb7b89cb273"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/tree-checker.c",
            "fs/btrfs/tree-checker.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9dff3e36ea89e8003516841c27c45af562b6ef44",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ef3ba8ce8cf7075b716aa4afcefc3034215878ee",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e03418abde871314e1a3a550f4c8afb7b89cb273",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/tree-checker.c",
            "fs/btrfs/tree-checker.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.85",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: make sure that WRITTEN is set on all metadata blocks\n\nWe previously would call btrfs_check_leaf() if we had the check\nintegrity code enabled, which meant that we could only run the extended\nleaf checks if we had WRITTEN set on the header flags.\n\nThis leaves a gap in our checking, because we could end up with\ncorruption on disk where WRITTEN isn\u0027t set on the leaf, and then the\nextended leaf checks don\u0027t get run which we rely on to validate all of\nthe item pointers to make sure we don\u0027t access memory outside of the\nextent buffer.\n\nHowever, since 732fab95abe2 (\"btrfs: check-integrity: remove\nCONFIG_BTRFS_FS_CHECK_INTEGRITY option\") we no longer call\nbtrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only\never call it on blocks that are being written out, and thus have WRITTEN\nset, or that are being read in, which should have WRITTEN set.\n\nAdd checks to make sure we have WRITTEN set appropriately, and then make\nsure __btrfs_check_leaf() always does the item checking.  This will\nprotect us from file systems that have been corrupted and no longer have\nWRITTEN set on some of the blocks.\n\nThis was hit on a crafted image tweaking the WRITTEN bit and reported by\nKASAN as out-of-bound access in the eb accessors. The example is a dir\nitem at the end of an eb.\n\n  [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2\n  [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI\n  [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f]\n  [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1\n  [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n  [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0\n  [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206\n  [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0\n  [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748\n  [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9\n  [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a\n  [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8\n  [2.621] FS:  00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000\n  [2.621] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0\n  [2.621] Call Trace:\n  [2.621]  \u003cTASK\u003e\n  [2.621]  ? show_regs+0x74/0x80\n  [2.621]  ? die_addr+0x46/0xc0\n  [2.621]  ? exc_general_protection+0x161/0x2a0\n  [2.621]  ? asm_exc_general_protection+0x26/0x30\n  [2.621]  ? btrfs_get_16+0x33a/0x6d0\n  [2.621]  ? btrfs_get_16+0x34b/0x6d0\n  [2.621]  ? btrfs_get_16+0x33a/0x6d0\n  [2.621]  ? __pfx_btrfs_get_16+0x10/0x10\n  [2.621]  ? __pfx_mutex_unlock+0x10/0x10\n  [2.621]  btrfs_match_dir_item_name+0x101/0x1a0\n  [2.621]  btrfs_lookup_dir_item+0x1f3/0x280\n  [2.621]  ? __pfx_btrfs_lookup_dir_item+0x10/0x10\n  [2.621]  btrfs_get_tree+0xd25/0x1910\n\n[ copy more details from report ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:09:02.709Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9dff3e36ea89e8003516841c27c45af562b6ef44"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef3ba8ce8cf7075b716aa4afcefc3034215878ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/e03418abde871314e1a3a550f4c8afb7b89cb273"
        }
      ],
      "title": "btrfs: make sure that WRITTEN is set on all metadata blocks",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35949",
    "datePublished": "2024-05-20T09:17:38.893Z",
    "dateReserved": "2024-05-17T13:50:33.134Z",
    "dateUpdated": "2025-05-04T09:09:02.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43861 (GCVE-0-2024-43861)

Vulnerability from cvelistv5

Published

2024-08-20 21:37

Modified

2025-05-04 09:27

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive.

References

►

URL

Tags

	https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662
	https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4
	https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5
	https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f
	https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446
	https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384
	https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882
	https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202

Impacted products

Vendor

Product

Version

►

Linux

Version: c6adf77953bcec0ad63d7782479452464e50f7a3
Version: c6adf77953bcec0ad63d7782479452464e50f7a3
Version: c6adf77953bcec0ad63d7782479452464e50f7a3
Version: c6adf77953bcec0ad63d7782479452464e50f7a3
Version: c6adf77953bcec0ad63d7782479452464e50f7a3
Version: c6adf77953bcec0ad63d7782479452464e50f7a3
Version: c6adf77953bcec0ad63d7782479452464e50f7a3
Version: c6adf77953bcec0ad63d7782479452464e50f7a3

Linux

Version: 4.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43861",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:06:52.223158Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:19.900Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/qmi_wwan.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3c90a69533b5bba73401ef884d033ea49ee99662",
              "status": "affected",
              "version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
              "versionType": "git"
            },
            {
              "lessThan": "37c093449704017870604994ba9b813cdb9475a4",
              "status": "affected",
              "version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
              "versionType": "git"
            },
            {
              "lessThan": "e87f52225e04a7001bf55bbd7a330fa4252327b5",
              "status": "affected",
              "version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
              "versionType": "git"
            },
            {
              "lessThan": "c4251a3deccad852b27e60625f31fba6cc14372f",
              "status": "affected",
              "version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
              "versionType": "git"
            },
            {
              "lessThan": "da518cc9b64df391795d9952aed551e0f782e446",
              "status": "affected",
              "version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
              "versionType": "git"
            },
            {
              "lessThan": "f2c353227de14b0289298ffc3ba92058c4768384",
              "status": "affected",
              "version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
              "versionType": "git"
            },
            {
              "lessThan": "c6c5b91424fafc0f83852d961c10c7e43a001882",
              "status": "affected",
              "version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
              "versionType": "git"
            },
            {
              "lessThan": "7ab107544b777c3bd7feb9fe447367d8edd5b202",
              "status": "affected",
              "version": "c6adf77953bcec0ad63d7782479452464e50f7a3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/qmi_wwan.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "lessThan": "4.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.320",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.282",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.224",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.105",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.46",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.5",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:27:54.358Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662"
        },
        {
          "url": "https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f"
        },
        {
          "url": "https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202"
        }
      ],
      "title": "net: usb: qmi_wwan: fix memory leak for not ip packets",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43861",
    "datePublished": "2024-08-20T21:37:53.029Z",
    "dateReserved": "2024-08-17T09:11:59.279Z",
    "dateUpdated": "2025-05-04T09:27:54.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41059 (GCVE-0-2024-41059)

Vulnerability from cvelistv5

Published

2024-07-29 14:57

Modified

2025-05-21 09:12

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750 vfs_listxattr fs/xattr.c:493 [inline] listxattr+0x1f3/0x6b0 fs/xattr.c:840 path_listxattr fs/xattr.c:864 [inline] __do_sys_listxattr fs/xattr.c:876 [inline] __se_sys_listxattr fs/xattr.c:873 [inline] __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873 x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:3877 [inline] slab_alloc_node mm/slub.c:3918 [inline] kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065 kmalloc include/linux/slab.h:628 [inline] hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699 vfs_listxattr fs/xattr.c:493 [inline] listxattr+0x1f3/0x6b0 fs/xattr.c:840 path_listxattr fs/xattr.c:864 [inline] __do_sys_listxattr fs/xattr.c:876 [inline] __se_sys_listxattr fs/xattr.c:873 [inline] __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873 x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [Fix] When allocating memory to strbuf, initialize memory to 0.

References

►

URL

Tags

	https://git.kernel.org/stable/c/72805debec8f7aa342da194fe0ed7bc8febea335
	https://git.kernel.org/stable/c/c733e24a61cbcff10f660041d6d84d32bb7e4cb4
	https://git.kernel.org/stable/c/34f8efd2743f2d961e92e8e994de4c7a2f9e74a0
	https://git.kernel.org/stable/c/d02d8c1dacafb28930c39e16d48e40bb6e4cbc70
	https://git.kernel.org/stable/c/22999936b91ba545ce1fbbecae6895127945e91c
	https://git.kernel.org/stable/c/f08956d8e0f80fd0d4ad84ec917302bb2f3a9c6a
	https://git.kernel.org/stable/c/ad57dc2caf1e0a3c0a9904400fae7afbc9f74bb2
	https://git.kernel.org/stable/c/0570730c16307a72f8241df12363f76600baf57d

Impacted products

Vendor

Product

Version

►

Linux

Version: 017f8da43e92ddd9989884720b694a512e09ccce
Version: 017f8da43e92ddd9989884720b694a512e09ccce
Version: 017f8da43e92ddd9989884720b694a512e09ccce
Version: 017f8da43e92ddd9989884720b694a512e09ccce
Version: 017f8da43e92ddd9989884720b694a512e09ccce
Version: 017f8da43e92ddd9989884720b694a512e09ccce
Version: 017f8da43e92ddd9989884720b694a512e09ccce
Version: 017f8da43e92ddd9989884720b694a512e09ccce

Linux

Version: 3.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:46:52.410Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/72805debec8f7aa342da194fe0ed7bc8febea335"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c733e24a61cbcff10f660041d6d84d32bb7e4cb4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/34f8efd2743f2d961e92e8e994de4c7a2f9e74a0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d02d8c1dacafb28930c39e16d48e40bb6e4cbc70"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/22999936b91ba545ce1fbbecae6895127945e91c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f08956d8e0f80fd0d4ad84ec917302bb2f3a9c6a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ad57dc2caf1e0a3c0a9904400fae7afbc9f74bb2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0570730c16307a72f8241df12363f76600baf57d"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41059",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:22:15.385503Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:01.548Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/hfsplus/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "72805debec8f7aa342da194fe0ed7bc8febea335",
              "status": "affected",
              "version": "017f8da43e92ddd9989884720b694a512e09ccce",
              "versionType": "git"
            },
            {
              "lessThan": "c733e24a61cbcff10f660041d6d84d32bb7e4cb4",
              "status": "affected",
              "version": "017f8da43e92ddd9989884720b694a512e09ccce",
              "versionType": "git"
            },
            {
              "lessThan": "34f8efd2743f2d961e92e8e994de4c7a2f9e74a0",
              "status": "affected",
              "version": "017f8da43e92ddd9989884720b694a512e09ccce",
              "versionType": "git"
            },
            {
              "lessThan": "d02d8c1dacafb28930c39e16d48e40bb6e4cbc70",
              "status": "affected",
              "version": "017f8da43e92ddd9989884720b694a512e09ccce",
              "versionType": "git"
            },
            {
              "lessThan": "22999936b91ba545ce1fbbecae6895127945e91c",
              "status": "affected",
              "version": "017f8da43e92ddd9989884720b694a512e09ccce",
              "versionType": "git"
            },
            {
              "lessThan": "f08956d8e0f80fd0d4ad84ec917302bb2f3a9c6a",
              "status": "affected",
              "version": "017f8da43e92ddd9989884720b694a512e09ccce",
              "versionType": "git"
            },
            {
              "lessThan": "ad57dc2caf1e0a3c0a9904400fae7afbc9f74bb2",
              "status": "affected",
              "version": "017f8da43e92ddd9989884720b694a512e09ccce",
              "versionType": "git"
            },
            {
              "lessThan": "0570730c16307a72f8241df12363f76600baf57d",
              "status": "affected",
              "version": "017f8da43e92ddd9989884720b694a512e09ccce",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/hfsplus/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.16"
            },
            {
              "lessThan": "3.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.319",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.101",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.319",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.281",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.223",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.164",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.101",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.42",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.11",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix uninit-value in copy_name\n\n[syzbot reported]\nBUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160\n sized_strscpy+0xc4/0x160\n copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411\n hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3877 [inline]\n slab_alloc_node mm/slub.c:3918 [inline]\n kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065\n kmalloc include/linux/slab.h:628 [inline]\n hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[Fix]\nWhen allocating memory to strbuf, initialize memory to 0."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:12:50.190Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/72805debec8f7aa342da194fe0ed7bc8febea335"
        },
        {
          "url": "https://git.kernel.org/stable/c/c733e24a61cbcff10f660041d6d84d32bb7e4cb4"
        },
        {
          "url": "https://git.kernel.org/stable/c/34f8efd2743f2d961e92e8e994de4c7a2f9e74a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/d02d8c1dacafb28930c39e16d48e40bb6e4cbc70"
        },
        {
          "url": "https://git.kernel.org/stable/c/22999936b91ba545ce1fbbecae6895127945e91c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f08956d8e0f80fd0d4ad84ec917302bb2f3a9c6a"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad57dc2caf1e0a3c0a9904400fae7afbc9f74bb2"
        },
        {
          "url": "https://git.kernel.org/stable/c/0570730c16307a72f8241df12363f76600baf57d"
        }
      ],
      "title": "hfsplus: fix uninit-value in copy_name",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41059",
    "datePublished": "2024-07-29T14:57:21.616Z",
    "dateReserved": "2024-07-12T12:17:45.627Z",
    "dateUpdated": "2025-05-21T09:12:50.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2024:4219-1

Vulnerability from csaf_suse

CVE-2024-35949 (GCVE-0-2024-35949)

Vulnerability from cvelistv5

CVE-2024-43861 (GCVE-0-2024-43861)

Vulnerability from cvelistv5

CVE-2024-41059 (GCVE-0-2024-41059)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature