CVE: CVE-2024-42076

Descrizione: “` In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939_send_one() syzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one() creates full frame including unused data, but it doesn’t initialize it. This causes the kernel-infoleak issue. Fix this by initializing unused data. [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumed.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185 instrument_copy_to_user include/linux/instrumed.h:114 [inline] “`

Vettore di attacco

Riferimenti esterni

• https://git.kernel.org/stable/c/5e4ed38eb17eaca42de57d500cc0f9668d2b6abf
• https://git.kernel.org/stable/c/a2a0ebff7fdeb2f66e29335adf64b9e457300dd4
• https://git.kernel.org/stable/c/4c5dc3927e17489c1cae6f48c0d5e4acb4cae01f
• https://git.kernel.org/stable/c/f97cbce633923588307049c4aef9feb2987e371b
• https://git.kernel.org/stable/c/ab2a683938ba4416d389c2f5651cbbb2c41b779f
• https://git.kernel.org/stable/c/ba7e5ae8208ac07d8e1eace0951a34c169a2d298
• https://git.kernel.org/stable/c/b7cdf1dd5d2a2d8200efd98d1893684db48fe134

Prodotti interessati

• Linux – Linux
• Linux – Linux

Relazioni con altri prodotti

Produttore:Linux
Prodotto: Linux
Anno: 2024
CWE:
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2024)