CVE-2024-42311: Use of Uninitialized Resource in Linux

Severity
5.5 MEDIUM (NVD)
OSV: 8.8
OSV: 7.1
EPSS
0.0%
top 92.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 17
Latest update: Feb 24

Description

In the Linux kernel, the following vulnerability has been resolved:

hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()

Syzbot reports uninitialized value access issue as below:

loop0: detected capacity change from 0 to 64
BUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30
 hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30
 d_revalidate fs/namei.c:862 [inline]
 lookup_fast+0x89e/0x8e0 fs/namei.c:1649
 walk_component fs/namei.c:2001 [inline]
 lin

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (10 packages)

NVD: linux/linux_kernel, 4.20, 5.4.282 (+6)
Debian: linux/linux_kernel, < 5.10.226-1 (+3)
Ubuntu: linux/linux_kernel, < 5.4.0-200.220 (+4)
CVEListV5: linux/linux, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, f7316b2b2f11cf0c6de917beee8d3de728be24db (+8)
debian: debian/linux, < linux 6.1.106-1 (bookworm)

Patches

Vulnerability Details (23)

OSV: linux-kvm vulnerabilities (2025-02-24)
OSV: linux, linux-aws, linux-lts-xenial vulnerabilities (2025-02-10)
OSV: linux-azure vulnerabilities (2025-02-03)
OSV: linux-azure, linux-azure-4.15 vulnerabilities (2025-01-30)
OSV: linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities (2025-01-28)

Vendor Advisories (24)

Ubuntu: Linux kernel (KVM) vulnerabilities (2025-02-24)
Ubuntu: Linux kernel vulnerabilities (2025-02-10)
Ubuntu: Linux kernel (Azure) vulnerabilities (2025-02-03)
Ubuntu: Linux kernel (Azure) vulnerabilities (2025-01-30)
Ubuntu: Linux kernel vulnerabilities (2025-01-28)