{"uuid": "cd7c24cd-97d0-4db9-a723-75e11e7e3800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42076", "type": "seen", "source": "https://t.me/cvedetector/1886", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42076 - Linux Kernel CAN: j1939: Kernel Infoleak\", \n  \"Content\": \"CVE ID : CVE-2024-42076 \nPublished : July 29, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: can: j1939: Initialize unused data in j1939_send_one()  \n  \nsyzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one()  \ncreates full frame including unused data, but it doesn't initialize  \nit. This causes the kernel-infoleak issue. Fix this by initializing  \nunused data.  \n  \n[1]  \nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]  \nBUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]  \nBUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]  \nBUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]  \nBUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]  \nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185  \n instrument_copy_to_user include/linux/instrumented.h:114 [inline]  \n copy_to_user_iter lib/iov_iter.c:24 [inline]  \n iterate_ubuf include/linux/iov_iter.h:29 [inline]  \n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]  \n iterate_and_advance include/linux/iov_iter.h:271 [inline]  \n _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185  \n copy_to_iter include/linux/uio.h:196 [inline]  \n memcpy_to_msg include/linux/skbuff.h:4113 [inline]  \n raw_recvmsg+0x2b8/0x9e0 net/can/raw.c:1008  \n sock_recvmsg_nosec net/socket.c:1046 [inline]  \n sock_recvmsg+0x2c4/0x340 net/socket.c:1068  \n ____sys_recvmsg+0x18a/0x620 net/socket.c:2803  \n ___sys_recvmsg+0x223/0x840 net/socket.c:2845  \n do_recvmmsg+0x4fc/0xfd0 net/socket.c:2939  \n __sys_recvmmsg net/socket.c:3018 [inline]  \n __do_sys_recvmmsg net/socket.c:3041 [inline]  \n __se_sys_recvmmsg net/socket.c:3034 [inline]  \n __x64_sys_recvmmsg+0x397/0x490 net/socket.c:3034  \n x64_sys_call+0xf6c/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:300  \n do_syscall_x64 arch/x86/entry/common.c:52 [inline]  \n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f  \n  \nUninit was created at:  \n slab_post_alloc_hook mm/slub.c:3804 [inline]  \n slab_alloc_node mm/slub.c:3845 [inline]  \n kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888  \n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577  \n __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668  \n alloc_skb include/linux/skbuff.h:1313 [inline]  \n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504  \n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795  \n sock_alloc_send_skb include/net/sock.h:1842 [inline]  \n j1939_sk_alloc_skb net/can/j1939/socket.c:878 [inline]  \n j1939_sk_send_loop net/can/j1939/socket.c:1142 [inline]  \n j1939_sk_sendmsg+0xc0a/0x2730 net/can/j1939/socket.c:1277  \n sock_sendmsg_nosec net/socket.c:730 [inline]  \n __sock_sendmsg+0x30f/0x380 net/socket.c:745  \n ____sys_sendmsg+0x877/0xb60 net/socket.c:2584  \n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638  \n __sys_sendmsg net/socket.c:2667 [inline]  \n __do_sys_sendmsg net/socket.c:2676 [inline]  \n __se_sys_sendmsg net/socket.c:2674 [inline]  \n __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674  \n x64_sys_call+0xc4b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:47  \n do_syscall_x64 arch/x86/entry/common.c:52 [inline]  \n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f  \n  \nBytes 12-15 of 16 are uninitialized  \nMemory access of size 16 starts at ffff888120969690  \nData copied to user address 00000000200017c0  \n  \nCPU: 1 PID: 5050 Comm: syz-executor198 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0  \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T18:48:42.000000Z"}