CVE-2024-53101

Dec. 19, 2024, 6:08 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid in a trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren't set. Initialize all fields of newattrs to avoid uninitialized variables, by checking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.12

Weaknesses

CWE-908
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.

*CPE(s)

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.12 rc1 / / / / / /
o linux linux_kernel 6.12 rc2 / / / / / /
o linux linux_kernel 6.12 rc3 / / / / / /
o linux linux_kernel 6.12 rc4 / / / / / /
o linux linux_kernel 6.12 rc5 / / / / / /
o linux linux_kernel 6.12 rc6 / / / / / /
o linux linux_kernel 6.12 rc7 / / / / / /

References

https://git.kernel.org/stable/c/15f34347481648a567db67fb473c23befb796af5
https://git.kernel.org/stable/c/17ecb40c5cc7755a321fb6148cba5797431ee5b8
https://git.kernel.org/stable/c/1c28bca1256aecece6e94b26b85cd07e08b0dc90
https://git.kernel.org/stable/c/1cb5bfc5bfc651982b6203c224d49b7ddacf28bc
https://git.kernel.org/stable/c/5a72b0d3497b818d8f000c347a7c11801eb27bfc
https://git.kernel.org/stable/c/9db25c2b41c34963c3ccf473b08171f87670652e
https://git.kernel.org/stable/c/a0c77e5e3dcbffc7c6080ccc89c037f0c86496cf
https://git.kernel.org/stable/c/b3e612bd8f64ce62e731e95f635e06a2efe3c80c

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-908
2024-11-25
CVE-2024-53101

CVSS Score

5.5 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Date

  • Published: Nov. 25, 2024, 10:15 p.m.
  • Last Modified: Dec. 19, 2024, 6:08 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.