In the Linux kernel, the following vulnerability has been resolved:
block: initialize integrity buffer to zero before writing it to media
Metadata added by biointegrityprep is using plain kmalloc, which leads to random kernel memory being written media. For PI metadata this is limited to the app tag that isn't used by kernel generated metadata, but for non-PI metadata the entire buffer leaks kernel memory.
Fix this by adding the _GFPZERO flag to allocations for writes.
[ { "signature_type": "Line", "id": "CVE-2024-43854-0c556a6d", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9f4af4cf08f9a0329ade3d938f55d2220c40d0a6", "signature_version": "v1", "target": { "file": "block/bio-integrity.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "38932994724334620704102914047316161741", "339241031563916910271871558918123150567", "301813263556339629861618427300220561440", "85177017734527068954269235993613424222", "310400603028311706924852513561026433726", "100502852939480248016226752151327147620", "289790165694696335900009116172667855256", "149250484871256021388513475028259952084", "293340435370675675281483149848567047729", "128715098064674467447111585342818276426", "81783822339054198537136790243191696254", "224156149628634298411966479792415957770" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-43854-10e330b9", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f", "signature_version": "v1", "target": { "file": "block/bio-integrity.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "122191596083846572062720112986298509880", "146625806114418354440271596875419050678", "170626742934922108247334980456348324919", "296620531384173122199582853533381673372", "310400603028311706924852513561026433726", "100502852939480248016226752151327147620", "270236771102662503826010537086329790330", "140425692193132197271980536160255666116", "242017334035597541692472332961872455000", "53290495550886690657105966190461956086", "85753115161285553630014375923170775087" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-43854-3f9f203e", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d418313bd8f55c079a7da12651951b489a638ac1", "signature_version": "v1", "target": { "file": "block/bio-integrity.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "122191596083846572062720112986298509880", "146625806114418354440271596875419050678", "170626742934922108247334980456348324919", "296620531384173122199582853533381673372", "310400603028311706924852513561026433726", "100502852939480248016226752151327147620", "270236771102662503826010537086329790330", "140425692193132197271980536160255666116", "242017334035597541692472332961872455000", "53290495550886690657105966190461956086", "85753115161285553630014375923170775087" ] }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-43854-52186f9c", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2", "signature_version": "v1", "target": { "function": "bio_integrity_prep", "file": "block/bio-integrity.c" }, "digest": { "function_hash": "316987392206440839856578622419513529100", "length": 2016.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-43854-66cd92f3", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f", "signature_version": "v1", "target": { "function": "bio_integrity_prep", "file": "block/bio-integrity.c" }, "digest": { "function_hash": "104623012990507181334115273575526497729", "length": 1921.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-43854-7af18c99", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d418313bd8f55c079a7da12651951b489a638ac1", "signature_version": "v1", "target": { "function": "bio_integrity_prep", "file": "block/bio-integrity.c" }, "digest": { "function_hash": "316987392206440839856578622419513529100", "length": 2016.0 }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-43854-7dfd1e99", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2", "signature_version": "v1", "target": { "file": "block/bio-integrity.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "122191596083846572062720112986298509880", "146625806114418354440271596875419050678", "170626742934922108247334980456348324919", "296620531384173122199582853533381673372", "310400603028311706924852513561026433726", "100502852939480248016226752151327147620", "270236771102662503826010537086329790330", "140425692193132197271980536160255666116", "242017334035597541692472332961872455000", "53290495550886690657105966190461956086", "85753115161285553630014375923170775087" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-43854-80e460de", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23a19655fb56f241e592041156dfb1c6d04da644", "signature_version": "v1", "target": { "file": "block/bio-integrity.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "122191596083846572062720112986298509880", "146625806114418354440271596875419050678", "170626742934922108247334980456348324919", "296620531384173122199582853533381673372", "310400603028311706924852513561026433726", "100502852939480248016226752151327147620", "270236771102662503826010537086329790330", "140425692193132197271980536160255666116", "242017334035597541692472332961872455000", "53290495550886690657105966190461956086", "85753115161285553630014375923170775087" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-43854-825b2f9f", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ebc0e91ba76dc6544fff9f5b66408b1982806a00", "signature_version": "v1", "target": { "file": "block/bio-integrity.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "122191596083846572062720112986298509880", "146625806114418354440271596875419050678", "170626742934922108247334980456348324919", "296620531384173122199582853533381673372", "310400603028311706924852513561026433726", "100502852939480248016226752151327147620", "270236771102662503826010537086329790330", "140425692193132197271980536160255666116", "242017334035597541692472332961872455000", "53290495550886690657105966190461956086", "85753115161285553630014375923170775087" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-43854-a2756683", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@129f95948a96105c1fad8e612c9097763e88ac5f", "signature_version": "v1", "target": { "file": "block/bio-integrity.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "38932994724334620704102914047316161741", "339241031563916910271871558918123150567", "301813263556339629861618427300220561440", "85177017734527068954269235993613424222", "310400603028311706924852513561026433726", "100502852939480248016226752151327147620", "289790165694696335900009116172667855256", "149250484871256021388513475028259952084", "293340435370675675281483149848567047729", "128715098064674467447111585342818276426", "81783822339054198537136790243191696254", "224156149628634298411966479792415957770" ] }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-43854-af62b14b", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9f4af4cf08f9a0329ade3d938f55d2220c40d0a6", "signature_version": "v1", "target": { "function": "bio_integrity_prep", "file": "block/bio-integrity.c" }, "digest": { "function_hash": "219137843315703228662900106410406949756", "length": 2148.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-43854-c0259c6d", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23a19655fb56f241e592041156dfb1c6d04da644", "signature_version": "v1", "target": { "function": "bio_integrity_prep", "file": "block/bio-integrity.c" }, "digest": { "function_hash": "104623012990507181334115273575526497729", "length": 1921.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-43854-d8813c94", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@129f95948a96105c1fad8e612c9097763e88ac5f", "signature_version": "v1", "target": { "function": "bio_integrity_prep", "file": "block/bio-integrity.c" }, "digest": { "function_hash": "267331722911703186937578512246390757213", "length": 2194.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-43854-e8e871f3", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3fd11fe4f20756b4c0847f755a64cd96f8c6a005", "signature_version": "v1", "target": { "function": "bio_integrity_prep", "file": "block/bio-integrity.c" }, "digest": { "function_hash": "267331722911703186937578512246390757213", "length": 2194.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2024-43854-ec5a6312", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ebc0e91ba76dc6544fff9f5b66408b1982806a00", "signature_version": "v1", "target": { "function": "bio_integrity_prep", "file": "block/bio-integrity.c" }, "digest": { "function_hash": "104623012990507181334115273575526497729", "length": 1921.0 }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-43854-f3174421", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3fd11fe4f20756b4c0847f755a64cd96f8c6a005", "signature_version": "v1", "target": { "file": "block/bio-integrity.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "38932994724334620704102914047316161741", "339241031563916910271871558918123150567", "301813263556339629861618427300220561440", "85177017734527068954269235993613424222", "310400603028311706924852513561026433726", "100502852939480248016226752151327147620", "289790165694696335900009116172667855256", "149250484871256021388513475028259952084", "293340435370675675281483149848567047729", "128715098064674467447111585342818276426", "81783822339054198537136790243191696254", "224156149628634298411966479792415957770" ] }, "deprecated": false } ]