CVE-2024-53155

HIGH EPSS 13.9%
Published Dec 24, 20241y ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
High
Find Similar
Published Dec 24, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 __io_read+0x8d4/0x20f0 io_read+0x3e/0xf0 io_issue_sqe+0x42b/0x22c0 io_wq_submit_work+0xaf9/0xdc0 io_worker_handle_work+0xd13/0x2110 io_wq_worker+0x447/0x1410 ret_from_fork+0x6f/0x90 ret_from_fork_asm+0x1a/0x30 Uninit was created at: __alloc_pages_noprof+0x9a7/0xe00 alloc_pages_mpol_noprof+0x299/0x990 alloc_pages_noprof+0x1bf/0x1e0 allocate_slab+0x33a/0x1250 ___slab_alloc+0x12ef/0x35e0 kmem_cache_alloc_bulk_noprof+0x486/0x1330 __io_alloc_req_refill+0x84/0x560 io_submit_sqes+0x172f/0x2f30 __se_sys_io_uring_enter+0x406/0x41c0 __x64_sys_io_uring_enter+0x11f/0x1a0 x64_sys_call+0x2b54/0x3ba0 do_syscall_64+0xcd/0x1e0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Since an instance of 'struct kiocb' may be passed from the block layer with 'private' field uninitialized, introduce 'ocfs2_iocb_init_rw_locked()' and use it from where 'ocfs2_dio_end_io()' might take care, i.e. in 'ocfs2_file_read_iter()' and 'ocfs2_file_write_iter()'.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
13.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-908

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥2.6.22  –  <4.19.325
linuxlinux_kernel*≥4.20  –  <5.4.287
linuxlinux_kernel*≥5.5  –  <5.10.231
linuxlinux_kernel*≥5.11  –  <5.15.174
linuxlinux_kernel*≥5.16  –  <6.1.120
linuxlinux_kernel*≥6.2  –  <6.6.64
linuxlinux_kernel*≥6.7  –  <6.11.11
linuxlinux_kernel*≥6.12  –  <6.12.2

References 11

  • git.kernel.org https://git.kernel.org/stable/c/366c933c2ab34dd6551acc03b4872726b7605143
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/66b7ddd1804e2c4216dd7ead8eeb746cdbb3b62f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6c8f8d1e595dabd5389817f6d798cc8bd95c40ab
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/83f8713a0ef1d55d6a287bcfadcaab8245ac5098
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8c966150d5abff58c3c2bdb9a6e63fd773782905
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8e0de82ed18ba0e71f817adbd81317fd1032ca5a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/adc77b19f62d7e80f98400b2fca9d700d2afdd6f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dc78efe556fed162d48736ef24066f42e463e27c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f4078ef38d3163e6be47403a619558b19c4bfccd
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/366c933c2ab34dd6551acc03b4872726b7605143
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/66b7ddd1804e2c4216dd7ead8eeb746cdbb3b62f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6c8f8d1e595dabd5389817f6d798cc8bd95c40ab
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/83f8713a0ef1d55d6a287bcfadcaab8245ac5098
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8c966150d5abff58c3c2bdb9a6e63fd773782905
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8e0de82ed18ba0e71f817adbd81317fd1032ca5a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/adc77b19f62d7e80f98400b2fca9d700d2afdd6f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dc78efe556fed162d48736ef24066f42e463e27c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f4078ef38d3163e6be47403a619558b19c4bfccd
    Patch