cve-2024-36923
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-12-02 07:59
Severity ?
Summary
fs/9p: fix uninitialized values during inode evict
Impacted products
Vendor Product Version
Linux Linux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36923",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-06T18:33:14.154322Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T18:33:22.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.102Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/9p/vfs_inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "18cf70263551",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "3a741b80b345",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "1b4cb6e91f19",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "6630036b7c22",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/9p/vfs_inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix uninitialized values during inode evict\n\nIf an iget fails due to not being able to retrieve information\nfrom the server then the inode structure is only partially\ninitialized.  When the inode gets evicted, references to\nuninitialized structures (like fscache cookies) were being\nmade.\n\nThis patch checks for a bad_inode before doing anything other\nthan clearing the inode from the cache.  Since the inode is\nbad, it shouldn\u0027t have any state associated with it that needs\nto be written back (and there really isn\u0027t a way to complete\nthose anyways)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-02T07:59:29.407Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/18cf7026355187b8d2b4cdfed61dbf873e9d29ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a741b80b3457f079cf637e47800fb7bf8038ad6"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd"
        },
        {
          "url": "https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d"
        }
      ],
      "title": "fs/9p: fix uninitialized values during inode evict",
      "x_generator": {
        "engine": "bippy-8e903de6a542"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36923",
    "datePublished": "2024-05-30T15:29:17.528Z",
    "dateReserved": "2024-05-30T15:25:07.069Z",
    "dateUpdated": "2024-12-02T07:59:29.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36923\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-30T16:15:15.547\",\"lastModified\":\"2024-12-02T08:15:06.143\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nfs/9p: fix uninitialized values during inode evict\\n\\nIf an iget fails due to not being able to retrieve information\\nfrom the server then the inode structure is only partially\\ninitialized.  When the inode gets evicted, references to\\nuninitialized structures (like fscache cookies) were being\\nmade.\\n\\nThis patch checks for a bad_inode before doing anything other\\nthan clearing the inode from the cache.  Since the inode is\\nbad, it shouldn\u0027t have any state associated with it that needs\\nto be written back (and there really isn\u0027t a way to complete\\nthose anyways).\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/9p: corrige valores no inicializados durante el desalojo de inodo. Si un iget falla debido a que no puede recuperar informaci\u00f3n del servidor, entonces la estructura del inodo solo se inicializa parcialmente. Cuando se expulsa el inodo, se hac\u00edan referencias a estructuras no inicializadas (como cookies fscache). Este parche busca un bad_inode antes de hacer cualquier otra cosa que no sea borrar el inodo del cach\u00e9. Dado que el inodo es malo, no deber\u00eda tener ning\u00fan estado asociado que deba reescribirse (y realmente no hay una manera de completarlo de todos modos).\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/18cf7026355187b8d2b4cdfed61dbf873e9d29ff\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3a741b80b3457f079cf637e47800fb7bf8038ad6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.