CVE-2024-44947

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-44947
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-44947.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-44947
Downstream
Related
Published
2024-09-02T17:36:15.633Z
Modified
2025-11-27T19:35:03.962723Z
Summary
fuse: Initialize beyond-EOF page contents before setting uptodate
Details

In the Linux kernel, the following vulnerability has been resolved:

fuse: Initialize beyond-EOF page contents before setting uptodate

fusenotifystore(), unlike fusedoreadpage(), does not enable page zeroing (because it can be used to change partial page contents).

So fusenotifystore() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate.

The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap().

This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIGINITONALLOCDEFAULT_ON=y or the corresponding kernel command line parameter).

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/ee626f5d79d5817bb21d6f048dc0da4c4e383443/cves/2024/44xxx/CVE-2024-44947.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a1d75f258230b75d46aecdf28b2e732413028863
Fixed
49934861514d36d0995be8e81bb3312a499d8d9a
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a1d75f258230b75d46aecdf28b2e732413028863
Fixed
33168db352c7b56ae18aa55c2cae1a1c5905d30e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a1d75f258230b75d46aecdf28b2e732413028863
Fixed
4690e2171f651e2b415e3941ce17f2f7b813aff6
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a1d75f258230b75d46aecdf28b2e732413028863
Fixed
8c78303eafbf85a728dd84d1750e89240c677dd9
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a1d75f258230b75d46aecdf28b2e732413028863
Fixed
831433527773e665bdb635ab5783d0b95d1246f4
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a1d75f258230b75d46aecdf28b2e732413028863
Fixed
ac42e0f0eb66af966015ee33fd355bc6f5d80cd6
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a1d75f258230b75d46aecdf28b2e732413028863
Fixed
18a067240817bee8a9360539af5d79a4bf5398a5
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a1d75f258230b75d46aecdf28b2e732413028863
Fixed
3c0da3d163eb32f1f91891efaade027fa9b245b9

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.36
Fixed
4.19.321
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.283
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.225
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.166
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.107
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.48
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.7