{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-44947", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-21T05:34:56.665Z", "datePublished": "2024-09-02T17:36:15.633Z", "dateUpdated": "2024-09-15T17:55:45.226Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-15T17:55:45.226Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter)."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/fuse/dev.c"], "versions": [{"version": "a1d75f258230", "lessThan": "49934861514d", "status": "affected", "versionType": "git"}, {"version": "a1d75f258230", "lessThan": "33168db352c7", "status": "affected", "versionType": "git"}, {"version": "a1d75f258230", "lessThan": "4690e2171f65", "status": "affected", "versionType": "git"}, {"version": "a1d75f258230", "lessThan": "8c78303eafbf", "status": "affected", "versionType": "git"}, {"version": "a1d75f258230", "lessThan": "831433527773", "status": "affected", "versionType": "git"}, {"version": "a1d75f258230", "lessThan": "ac42e0f0eb66", "status": "affected", "versionType": "git"}, {"version": "a1d75f258230", "lessThan": "18a067240817", "status": "affected", "versionType": "git"}, {"version": "a1d75f258230", "lessThan": "3c0da3d163eb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/fuse/dev.c"], "versions": [{"version": "2.6.36", "status": "affected"}, {"version": "0", "lessThan": "2.6.36", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.321", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.283", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.225", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.166", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.107", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.48", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10.7", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a"}, {"url": "https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e"}, {"url": "https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6"}, {"url": "https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9"}, {"url": "https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4"}, {"url": "https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6"}, {"url": "https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5"}, {"url": "https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9"}], "title": "fuse: Initialize beyond-EOF page contents before setting uptodate", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-44947", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:27:03.431067Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:15.852Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-44947", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:27:03.431067Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:19.078Z"}}], "cna": {"title": "fuse: Initialize beyond-EOF page contents before setting uptodate", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "a1d75f258230", "lessThan": "49934861514d", "versionType": "git"}, {"status": "affected", "version": "a1d75f258230", "lessThan": "33168db352c7", "versionType": "git"}, {"status": "affected", "version": "a1d75f258230", "lessThan": "4690e2171f65", "versionType": "git"}, {"status": "affected", "version": "a1d75f258230", "lessThan": "8c78303eafbf", "versionType": "git"}, {"status": "affected", "version": "a1d75f258230", "lessThan": "831433527773", "versionType": "git"}, {"status": "affected", "version": "a1d75f258230", "lessThan": "ac42e0f0eb66", "versionType": "git"}, {"status": "affected", "version": "a1d75f258230", "lessThan": "18a067240817", "versionType": "git"}, {"status": "affected", "version": "a1d75f258230", "lessThan": "3c0da3d163eb", "versionType": "git"}], "programFiles": ["fs/fuse/dev.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.36"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.36", "versionType": "custom"}, {"status": "unaffected", "version": "4.19.321", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.283", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.225", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.166", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.107", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.48", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.7", "versionType": "custom", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/fuse/dev.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a"}, {"url": "https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e"}, {"url": "https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6"}, {"url": "https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9"}, {"url": "https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4"}, {"url": "https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6"}, {"url": "https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5"}, {"url": "https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter)."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-15T17:55:45.226Z"}}}, "cveMetadata": {"cveId": "CVE-2024-44947", "state": "PUBLISHED", "dateUpdated": "2024-09-15T17:55:45.226Z", "dateReserved": "2024-08-21T05:34:56.665Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-02T17:36:15.633Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "440A7031-75FA-48A4-A35D-616BE72E784E", "versionEndExcluding": "4.19.321", "versionStartIncluding": "2.6.36", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E6B390A-0CE6-44FC-8CD5-BE8226D6D24C", "versionEndExcluding": "5.4.283", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C57B46A9-B105-4792-8481-1870DEFB436A", "versionEndExcluding": "5.10.225", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "913ED6CD-8ACF-48AF-AA18-7880881DD402", "versionEndExcluding": "5.15.166", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "53954FF8-CB48-4302-BC4C-9DA7A88F44A2", "versionEndExcluding": "6.1.107", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DE9201A-CE6B-4726-BABB-8265EA0F8AE4", "versionEndExcluding": "6.6.48", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2AFDFD1-D95A-4EB7-843B-5E7659518B67", "versionEndExcluding": "6.10.7", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter)."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fuse: inicializar el contenido de la p\u00e1gina m\u00e1s all\u00e1 del EOF antes de configurar uptodate fuse_notify_store(), a diferencia de fuse_do_readpage(), no habilita la puesta a cero de la p\u00e1gina (porque se puede usar para cambiar el contenido parcial de la p\u00e1gina). Por lo tanto, fuse_notify_store() debe ser m\u00e1s cuidadoso para inicializar por completo el contenido de la p\u00e1gina (incluidas las partes de la p\u00e1gina que est\u00e1n m\u00e1s all\u00e1 del fin del archivo) antes de marcar la p\u00e1gina como actualizada. El c\u00f3digo actual puede dejar el contenido de la p\u00e1gina m\u00e1s all\u00e1 del EOF sin inicializar, lo que hace que este contenido de p\u00e1gina no inicializado sea visible para el espacio de usuario a trav\u00e9s de mmap(). Esta es una fuga de informaci\u00f3n, pero solo afecta a los sistemas que no habilitan init-on-alloc (a trav\u00e9s de CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y o el par\u00e1metro de l\u00ednea de comandos del kernel correspondiente)."}], "id": "CVE-2024-44947", "lastModified": "2024-09-16T17:52:37.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-02T18:15:36.577", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: fuse: Initialize beyond-EOF page contents before setting uptodate", "id": "2309273", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309273"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfuse: Initialize beyond-EOF page contents before setting uptodate\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter)."], "name": "CVE-2024-44947", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-44947\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-44947\nhttps://lore.kernel.org/linux-cve-announce/2024090219-CVE-2024-44947-f49c@gregkh/T"], "threat_severity": "Moderate"}