CVE-2024-50110
- Source
- https://cve.org/CVERecord?id=CVE-2024-50110
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50110.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-50110
- Downstream
- Related
- Published
- 2024-11-05T17:10:43.325Z
- Modified
- 2026-03-11T07:47:19.031229Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- xfrm: fix one more kernel-infoleak in algo dumping
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
xfrm: fix one more kernel-infoleak in algo dumping
During fuzz testing, the following issue was discovered:
BUG: KMSAN: kernel-infoleak in copytoiter+0x598/0x2a30 copytoiter+0x598/0x2a30 __skbdatagramiter+0x168/0x1060 skb_copydatagramiter+0x5b/0x220 netlinkrecvmsg+0x362/0x1700 sockrecvmsg+0x2dc/0x390 __sys_recvfrom+0x381/0x6d0 __x64sysrecvfrom+0x130/0x200 x64syscall+0x32c8/0x3cc0 dosyscall64+0xd8/0x1c0 entrySYSCALL64afterhwframe+0x79/0x81
Uninit was stored to memory at: copytouserstateextra+0xcc1/0x1e00 dumponestate+0x28c/0x5f0 xfrmstatewalk+0x548/0x11e0 xfrmdumpsa+0x1e0/0x840 netlink_dump+0x943/0x1c40 __netlinkdumpstart+0x746/0xdb0 xfrmuserrcvmsg+0x429/0xc00 netlinkrcvskb+0x613/0x780 xfrmnetlinkrcv+0x77/0xc0 netlinkunicast+0xe90/0x1280 netlink_sendmsg+0x126d/0x1490 __sock_sendmsg+0x332/0x3d0 ____sys_sendmsg+0x863/0xc30 ___sys_sendmsg+0x285/0x3e0 __x64syssendmsg+0x2d6/0x560 x64syscall+0x1316/0x3cc0 dosyscall64+0xd8/0x1c0 entrySYSCALL64afterhwframe+0x79/0x81
Uninit was created at: __kmalloc+0x571/0xd30 attachauth+0x106/0x3e0 xfrmaddsa+0x2aa0/0x4230 xfrmuserrcvmsg+0x832/0xc00 netlinkrcvskb+0x613/0x780 xfrmnetlinkrcv+0x77/0xc0 netlinkunicast+0xe90/0x1280 netlinksendmsg+0x126d/0x1490 __sock_sendmsg+0x332/0x3d0 ____sys_sendmsg+0x863/0xc30 ___sys_sendmsg+0x285/0x3e0 __x64syssendmsg+0x2d6/0x560 x64syscall+0x1316/0x3cc0 dosyscall64+0xd8/0x1c0 entrySYSCALL64afterhwframe+0x79/0x81
Bytes 328-379 of 732 are uninitialized Memory access of size 732 starts at ffff88800e18e000 Data copied to user address 00007ff30f48aff0
CPU: 2 PID: 18167 Comm: syz-executor.0 Not tainted 6.8.11 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Fixes copying of xfrm algorithms where some random data of the structure fields can end up in userspace. Padding in structures may be filled with random (possibly sensitve) data and should never be given directly to user-space.
A similar issue was resolved in the commit 8222d5910dae ("xfrm: Zero padding when dumping algos and encap")
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50110.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1e8fbd2441cb2ea28d6825f2985bf7d84af060bb
- https://git.kernel.org/stable/c/610d4cea9b442b22b4820695fc3335e64849725e
- https://git.kernel.org/stable/c/6889cd2a93e1e3606b3f6e958aa0924e836de4d2
- https://git.kernel.org/stable/c/c73bca72b84b453c8d26a5e7673b20adb294bf54
- https://git.kernel.org/stable/c/dc2ad8e8818e4bf1a93db78d81745b4877b32972
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50110.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-50110
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc7a5899eb26e2a4d516d53f65b6dd67be2228041Fixed610d4cea9b442b22b4820695fc3335e64849725eFixeddc2ad8e8818e4bf1a93db78d81745b4877b32972Fixedc73bca72b84b453c8d26a5e7673b20adb294bf54Fixed1e8fbd2441cb2ea28d6825f2985bf7d84af060bbFixed6889cd2a93e1e3606b3f6e958aa0924e836de4d2