CVE-2024-42076

Source
https://cve.org/CVERecord?id=CVE-2024-42076
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42076.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-42076
Published
2024-07-29T15:52:38.981Z
Modified
2026-03-13T07:56:12.576339Z
Summary
net: can: j1939: Initialize unused data in j1939_send_one()
Details

In the Linux kernel, the following vulnerability has been resolved:

net: can: j1939: Initialize unused data in j1939_send_one()

syzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one() creates full frame including unused data, but it doesn't initialize it. This causes the kernel-infoleak issue. Fix this by initializing unused data.

[1]
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]
BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 copy_to_user_iter lib/iov_iter.c:24 [inline]
 iterate_ubuf include/linux/iov_iter.h:29 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
 iterate_and_advance include/linux/iov_iter.h:271 [inline]
 _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185
 copy_to_iter include/linux/uio.h:196 [inline]
 memcpy_to_msg include/linux/skbuff.h:4113 [inline]
 raw_recvmsg+0x2b8/0x9e0 net/can/raw.c:1008
 sock_recvmsg_nosec net/socket.c:1046 [inline]
 sock_recvmsg+0x2c4/0x340 net/socket.c:1068
 ____sys_recvmsg+0x18a/0x620 net/socket.c:2803
 ___sys_recvmsg+0x223/0x840 net/socket.c:2845
 do_recvmmsg+0x4fc/0xfd0 net/socket.c:2939
 __sys_recvmmsg net/socket.c:3018 [inline]
 __do_sys_recvmmsg net/socket.c:3041 [inline]
 __se_sys_recvmmsg net/socket.c:3034 [inline]
 __x64_sys_recvmmsg+0x397/0x490 net/socket.c:3034
 x64_sys_call+0xf6c/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:3804 [inline]
 slab_alloc_node mm/slub.c:3845 [inline]
 kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888
 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577
 __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1313 [inline]
 alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504
 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795
 sock_alloc_send_skb include/net/sock.h:1842 [inline]
 j1939_sk_alloc_skb net/can/j1939/socket.c:878 [inline]
 j1939_sk_send_loop net/can/j1939/socket.c:1142 [inline]
 j1939_sk_sendmsg+0xc0a/0x2730 net/can/j1939/socket.c:1277
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x30f/0x380 net/socket.c:745
 ____sys_sendmsg+0x877/0xb60 net/socket.c:2584
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
 __sys_sendmsg net/socket.c:2667 [inline]
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674
 x64_sys_call+0xc4b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Bytes 12-15 of 16 are uninitialized
Memory access of size 16 starts at ffff888120969690
Data copied to user address 00000000200017c0

CPU: 1 PID: 5050 Comm: syz-executor198 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42076.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9d71dd0c70099914fcd063135da3c580865e924c
Fixed
5e4ed38eb17eaca42de57d500cc0f9668d2b6abf
Fixed
a2a0ebff7fdeb2f66e29335adf64b9e457300dd4
Fixed
4c5dc3927e17489c1cae6f48c0d5e4acb4cae01f
Fixed
f97cbce633923588307049c4aef9feb2987e371b
Fixed
ab2a683938ba4416d389c2f5651cbbb2c41b779f
Fixed
ba7e5ae8208ac07d8e1eace0951a34c169a2d298
Fixed
b7cdf1dd5d2a2d8200efd98d1893684db48fe134

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42076.json"