CVE-2024-53066
- Source
- https://cve.org/CVERecord?id=CVE-2024-53066
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53066.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-53066
- Downstream
- Related
- Published
- 2024-11-19T17:22:35.389Z
- Modified
- 2026-05-18T05:59:02.721076754Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- nfs: Fix KMSAN warning in decode_getfattr_attrs()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nfs: Fix KMSAN warning in decodegetfattrattrs()
Fix the following KMSAN warning:
CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)
===================================================== BUG: KMSAN: uninit-value in decodegetfattrattrs+0x2d6d/0x2f90 decodegetfattrattrs+0x2d6d/0x2f90 decodegetfattrgeneric+0x806/0xb00 nfs4xdrdecgetattr+0x1de/0x240 rpcauthunwraprespdecode+0xab/0x100 rpcauthunwrapresp+0x95/0xc0 call_decode+0x4ff/0xb50 __rpcexecute+0x57b/0x19d0 rpcexecute+0x368/0x5e0 rpcruntask+0xcfe/0xee0 nfs4procgetattr+0x5b5/0x990 __nfsrevalidateinode+0x477/0xd00 nfs_accessgetcached+0x1021/0x1cc0 nfsdoaccess+0x9f/0xae0 nfspermission+0x1e4/0x8c0 inodepermission+0x356/0x6c0 linkpathwalk+0x958/0x1330 pathlookupat+0xce/0x6b0 filenamelookup+0x23e/0x770 vfsstatx+0xe7/0x970 vfsfstatat+0x1f2/0x2c0 __sesysnewfstatat+0x67/0x880 __x64sysnewfstatat+0xbd/0x120 x64syscall+0x1826/0x3cf0 dosyscall64+0xd0/0x1b0 entrySYSCALL64afterhwframe+0x77/0x7f
The KMSAN warning is triggered in decodegetfattrattrs(), when calling decodeattrmdsthreshold(). It appears that fattr->mdsthreshold is not initialized.
Fix the issue by initializing fattr->mdsthreshold to NULL in nfsfattrinit().
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53066.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/25ffd294fef81a7f3cd9528adf21560c04d98747
- https://git.kernel.org/stable/c/8fc5ea9231af9122d227c9c13f5e578fca48d2e3
- https://git.kernel.org/stable/c/9b453e8b108a5a93a6e348cf2ba4c9c138314a00
- https://git.kernel.org/stable/c/9be0a21ae52b3b822d0eec4d14e909ab394f8a92
- https://git.kernel.org/stable/c/bbfcd261cc068fe1cd02a4e871275074a0daa4e2
- https://git.kernel.org/stable/c/dc270d7159699ad6d11decadfce9633f0f71c1db
- https://git.kernel.org/stable/c/f6b2b2b981af8e7d7c62d34143acefa4e1edfe8b
- https://git.kernel.org/stable/c/f749cb60a01f8391c760a1d6ecd938cadacf9549
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53066.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-53066
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced88034c3d88c2c48b215f2cc5eb22e564aa817f9cFixed25ffd294fef81a7f3cd9528adf21560c04d98747Fixedbbfcd261cc068fe1cd02a4e871275074a0daa4e2Fixed8fc5ea9231af9122d227c9c13f5e578fca48d2e3Fixed9b453e8b108a5a93a6e348cf2ba4c9c138314a00Fixedf6b2b2b981af8e7d7c62d34143acefa4e1edfe8bFixedf749cb60a01f8391c760a1d6ecd938cadacf9549Fixed9be0a21ae52b3b822d0eec4d14e909ab394f8a92Fixeddc270d7159699ad6d11decadfce9633f0f71c1db
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.5.0Fixed4.19.324
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.286
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.230
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.172
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.117
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.61
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.11.8