CVE-2024-53155
- Source
- https://cve.org/CVERecord?id=CVE-2024-53155
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53155.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-53155
- Downstream
- Related
- Published
- 2024-12-24T11:28:54.241Z
- Modified
- 2026-03-20T12:40:46.955636Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- ocfs2: fix uninitialized value in ocfs2_file_read_iter()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix uninitialized value in ocfs2fileread_iter()
Syzbot has reported the following KMSAN splat:
BUG: KMSAN: uninit-value in ocfs2filereaditer+0x9a4/0xf80 ocfs2filereaditer+0x9a4/0xf80 _ioread+0x8d4/0x20f0 ioread+0x3e/0xf0 ioissuesqe+0x42b/0x22c0 iowqsubmitwork+0xaf9/0xdc0 ioworkerhandlework+0xd13/0x2110 iowqworker+0x447/0x1410 retfromfork+0x6f/0x90 retfromforkasm+0x1a/0x30
Uninit was created at: __allocpagesnoprof+0x9a7/0xe00 allocpagesmpolnoprof+0x299/0x990 allocpagesnoprof+0x1bf/0x1e0 allocateslab+0x33a/0x1250 ___slaballoc+0x12ef/0x35e0 kmemcacheallocbulk_noprof+0x486/0x1330 __ioallocreqrefill+0x84/0x560 iosubmit_sqes+0x172f/0x2f30 __sesysiouringenter+0x406/0x41c0 __x64sysiouringenter+0x11f/0x1a0 x64syscall+0x2b54/0x3ba0 dosyscall64+0xcd/0x1e0 entrySYSCALL64afterhwframe+0x77/0x7f
Since an instance of 'struct kiocb' may be passed from the block layer with 'private' field uninitialized, introduce 'ocfs2iocbinitrwlocked()' and use it from where 'ocfs2dioendio()' might take care, i.e. in 'ocfs2filereaditer()' and 'ocfs2filewrite_iter()'.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53155.json" }- References
-
- https://git.kernel.org/stable/c/366c933c2ab34dd6551acc03b4872726b7605143
- https://git.kernel.org/stable/c/66b7ddd1804e2c4216dd7ead8eeb746cdbb3b62f
- https://git.kernel.org/stable/c/6c8f8d1e595dabd5389817f6d798cc8bd95c40ab
- https://git.kernel.org/stable/c/83f8713a0ef1d55d6a287bcfadcaab8245ac5098
- https://git.kernel.org/stable/c/8c966150d5abff58c3c2bdb9a6e63fd773782905
- https://git.kernel.org/stable/c/8e0de82ed18ba0e71f817adbd81317fd1032ca5a
- https://git.kernel.org/stable/c/adc77b19f62d7e80f98400b2fca9d700d2afdd6f
- https://git.kernel.org/stable/c/dc78efe556fed162d48736ef24066f42e463e27c
- https://git.kernel.org/stable/c/f4078ef38d3163e6be47403a619558b19c4bfccd
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53155.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-53155
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7cdfc3a1c3971c9125c317cb8c2525745851798eFixed6c8f8d1e595dabd5389817f6d798cc8bd95c40abFixedf4078ef38d3163e6be47403a619558b19c4bfccdFixed66b7ddd1804e2c4216dd7ead8eeb746cdbb3b62fFixed8c966150d5abff58c3c2bdb9a6e63fd773782905Fixed83f8713a0ef1d55d6a287bcfadcaab8245ac5098Fixed8e0de82ed18ba0e71f817adbd81317fd1032ca5aFixed366c933c2ab34dd6551acc03b4872726b7605143Fixeddc78efe556fed162d48736ef24066f42e463e27cFixedadc77b19f62d7e80f98400b2fca9d700d2afdd6f