{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-26973", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.203Z", "datePublished": "2024-05-01T05:20:09.420Z", "dateUpdated": "2024-09-11T17:33:44.022Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:26:11.504Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfat: fix uninitialized field in nostale filehandles\n\nWhen fat_encode_fh_nostale() encodes file handle without a parent it\nstores only first 10 bytes of the file handle. However the length of the\nfile handle must be a multiple of 4 so the file handle is actually 12\nbytes long and the last two bytes remain uninitialized. This is not\ngreat at we potentially leak uninitialized information with the handle\nto userspace. Properly initialize the full handle length."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/fat/nfs.c"], "versions": [{"version": "ea3983ace6b7", "lessThan": "9840d1897e28", "status": "affected", "versionType": "git"}, {"version": "ea3983ace6b7", "lessThan": "f52d7663a10a", "status": "affected", "versionType": "git"}, {"version": "ea3983ace6b7", "lessThan": "a276c595c3a6", "status": "affected", "versionType": "git"}, {"version": "ea3983ace6b7", "lessThan": "b7fb63e807c6", "status": "affected", "versionType": "git"}, {"version": "ea3983ace6b7", "lessThan": "c8cc05de8e6b", "status": "affected", "versionType": "git"}, {"version": "ea3983ace6b7", "lessThan": "03a7e3f2ba3c", "status": "affected", "versionType": "git"}, {"version": "ea3983ace6b7", "lessThan": "74f852654b8b", "status": "affected", "versionType": "git"}, {"version": "ea3983ace6b7", "lessThan": "cdd33d54e789", "status": "affected", "versionType": "git"}, {"version": "ea3983ace6b7", "lessThan": "fde2497d2bc3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/fat/nfs.c"], "versions": [{"version": "3.10", "status": "affected"}, {"version": "0", "lessThan": "3.10", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.312", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.274", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.215", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.24", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.12", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.3", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/9840d1897e28f8733cc1e38f97e044f987dc0a63"}, {"url": "https://git.kernel.org/stable/c/f52d7663a10a1266a2d3871a6dd8fd111edc549f"}, {"url": "https://git.kernel.org/stable/c/a276c595c3a629170b0f052a3724f755d7c6adc6"}, {"url": "https://git.kernel.org/stable/c/b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee"}, {"url": "https://git.kernel.org/stable/c/c8cc05de8e6b5612b6e9f92c385c1a064b0db375"}, {"url": "https://git.kernel.org/stable/c/03a7e3f2ba3ca25f1da1d3898709a08db14c1abb"}, {"url": "https://git.kernel.org/stable/c/74f852654b8b7866f15323685f1e178d3386c688"}, {"url": "https://git.kernel.org/stable/c/cdd33d54e789d229d6d5007cbf3f53965ca1a5c6"}, {"url": "https://git.kernel.org/stable/c/fde2497d2bc3a063d8af88b258dbadc86bd7b57c"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "title": "fat: fix uninitialized field in nostale filehandles", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.673Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9840d1897e28f8733cc1e38f97e044f987dc0a63", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f52d7663a10a1266a2d3871a6dd8fd111edc549f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a276c595c3a629170b0f052a3724f755d7c6adc6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c8cc05de8e6b5612b6e9f92c385c1a064b0db375", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/03a7e3f2ba3ca25f1da1d3898709a08db14c1abb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/74f852654b8b7866f15323685f1e178d3386c688", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cdd33d54e789d229d6d5007cbf3f53965ca1a5c6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fde2497d2bc3a063d8af88b258dbadc86bd7b57c", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26973", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:45:13.490208Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:44.022Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9840d1897e28f8733cc1e38f97e044f987dc0a63", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f52d7663a10a1266a2d3871a6dd8fd111edc549f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a276c595c3a629170b0f052a3724f755d7c6adc6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c8cc05de8e6b5612b6e9f92c385c1a064b0db375", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/03a7e3f2ba3ca25f1da1d3898709a08db14c1abb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/74f852654b8b7866f15323685f1e178d3386c688", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cdd33d54e789d229d6d5007cbf3f53965ca1a5c6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fde2497d2bc3a063d8af88b258dbadc86bd7b57c", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.673Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26973", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:45:13.490208Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:18.394Z"}}], "cna": {"title": "fat: fix uninitialized field in nostale filehandles", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "ea3983ace6b7", "lessThan": "9840d1897e28", "versionType": "git"}, {"status": "affected", "version": "ea3983ace6b7", "lessThan": "f52d7663a10a", "versionType": "git"}, {"status": "affected", "version": "ea3983ace6b7", "lessThan": "a276c595c3a6", "versionType": "git"}, {"status": "affected", "version": "ea3983ace6b7", "lessThan": "b7fb63e807c6", "versionType": "git"}, {"status": "affected", "version": "ea3983ace6b7", "lessThan": "c8cc05de8e6b", "versionType": "git"}, {"status": "affected", "version": "ea3983ace6b7", "lessThan": "03a7e3f2ba3c", "versionType": "git"}, {"status": "affected", "version": "ea3983ace6b7", "lessThan": "74f852654b8b", "versionType": "git"}, {"status": "affected", "version": "ea3983ace6b7", "lessThan": "cdd33d54e789", "versionType": "git"}, {"status": "affected", "version": "ea3983ace6b7", "lessThan": "fde2497d2bc3", "versionType": "git"}], "programFiles": ["fs/fat/nfs.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.10"}, {"status": "unaffected", "version": "0", "lessThan": "3.10", "versionType": "custom"}, {"status": "unaffected", "version": "4.19.312", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.274", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.215", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.154", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.84", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.24", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.12", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.3", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/fat/nfs.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/9840d1897e28f8733cc1e38f97e044f987dc0a63"}, {"url": "https://git.kernel.org/stable/c/f52d7663a10a1266a2d3871a6dd8fd111edc549f"}, {"url": "https://git.kernel.org/stable/c/a276c595c3a629170b0f052a3724f755d7c6adc6"}, {"url": "https://git.kernel.org/stable/c/b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee"}, {"url": "https://git.kernel.org/stable/c/c8cc05de8e6b5612b6e9f92c385c1a064b0db375"}, {"url": "https://git.kernel.org/stable/c/03a7e3f2ba3ca25f1da1d3898709a08db14c1abb"}, {"url": "https://git.kernel.org/stable/c/74f852654b8b7866f15323685f1e178d3386c688"}, {"url": "https://git.kernel.org/stable/c/cdd33d54e789d229d6d5007cbf3f53965ca1a5c6"}, {"url": "https://git.kernel.org/stable/c/fde2497d2bc3a063d8af88b258dbadc86bd7b57c"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfat: fix uninitialized field in nostale filehandles\n\nWhen fat_encode_fh_nostale() encodes file handle without a parent it\nstores only first 10 bytes of the file handle. However the length of the\nfile handle must be a multiple of 4 so the file handle is actually 12\nbytes long and the last two bytes remain uninitialized. This is not\ngreat at we potentially leak uninitialized information with the handle\nto userspace. Properly initialize the full handle length."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:26:11.504Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26973", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:33:44.022Z", "dateReserved": "2024-02-19T14:20:24.203Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-01T05:20:09.420Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfat: fix uninitialized field in nostale filehandles\n\nWhen fat_encode_fh_nostale() encodes file handle without a parent it\nstores only first 10 bytes of the file handle. However the length of the\nfile handle must be a multiple of 4 so the file handle is actually 12\nbytes long and the last two bytes remain uninitialized. This is not\ngreat at we potentially leak uninitialized information with the handle\nto userspace. Properly initialize the full handle length."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fat: corrige el campo no inicializado en los identificadores de archivos notale Cuando fat_encode_fh_nostale() codifica el identificador de archivo sin un padre, almacena solo los primeros 10 bytes del identificador de archivo. Sin embargo, la longitud del identificador del archivo debe ser m\u00faltiplo de 4, por lo que el identificador del archivo tiene en realidad 12 bytes de longitud y los dos \u00faltimos bytes permanecen sin inicializar. Esto no es bueno porque potencialmente filtramos informaci\u00f3n no inicializada con el identificador al espacio de usuario. Inicialice correctamente toda la longitud del mango."}], "id": "CVE-2024-26973", "lastModified": "2024-06-27T12:15:23.210", "metrics": {}, "published": "2024-05-01T06:15:13.920", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/03a7e3f2ba3ca25f1da1d3898709a08db14c1abb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/74f852654b8b7866f15323685f1e178d3386c688"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9840d1897e28f8733cc1e38f97e044f987dc0a63"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a276c595c3a629170b0f052a3724f755d7c6adc6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c8cc05de8e6b5612b6e9f92c385c1a064b0db375"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cdd33d54e789d229d6d5007cbf3f53965ca1a5c6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f52d7663a10a1266a2d3871a6dd8fd111edc549f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fde2497d2bc3a063d8af88b258dbadc86bd7b57c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:3627", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3618", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.5.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-05T00:00:00Z"}], "bugzilla": {"description": "kernel: fat: fix uninitialized field in nostale filehandles", "id": "2278356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278356"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfat: fix uninitialized field in nostale filehandles\nWhen fat_encode_fh_nostale() encodes file handle without a parent it\nstores only first 10 bytes of the file handle. However the length of the\nfile handle must be a multiple of 4 so the file handle is actually 12\nbytes long and the last two bytes remain uninitialized. This is not\ngreat at we potentially leak uninitialized information with the handle\nto userspace. Properly initialize the full handle length."], "name": "CVE-2024-26973", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26973\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26973\nhttps://lore.kernel.org/linux-cve-announce/2024050132-CVE-2024-26973-54a3@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 4.19.312, kernel 5.4.274, kernel 5.10.215, kernel 5.15.154, kernel 6.1.84, kernel 6.6.24, kernel 6.7.12, kernel 6.8.3, kernel 6.9-rc1"}