CVE-2024-53101 — Use of Uninitialized Resource in Linux
Severity
5.5MEDIUMNVD
OSV8.8OSV7.8OSV6.7OSV6.3OSV4.7
EPSS
0.0%
top 99.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 25
Latest updateAug 14
Description
In the Linux kernel, the following vulnerability has been resolved:
fs: Fix uninitialized value issue in from_kuid and from_kgid
ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid in
a trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren't set.
Initialize all fields of newattrs to avoid uninitialized variables, by
checking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages7 packages
▶CVEListV5linux/linux468eedde23d6c9335935773f4f5764267d5a7763 — a0c77e5e3dcbffc7c6080ccc89c037f0c86496cf+8