5.5

CVE-2024-53101

fs: Fix uninitialized value issue in from_kuid and from_kgid

In the Linux kernel, the following vulnerability has been resolved:

fs: Fix uninitialized value issue in from_kuid and from_kgid

ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid in
a trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren't set.

Initialize all fields of newattrs to avoid uninitialized variables, by
checking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.19.324
LinuxLinux Kernel Version >= 4.20 < 5.4.286
LinuxLinux Kernel Version >= 5.5 < 5.10.230
LinuxLinux Kernel Version >= 5.11 < 5.15.173
LinuxLinux Kernel Version >= 5.16 < 6.1.118
LinuxLinux Kernel Version >= 6.2 < 6.6.62
LinuxLinux Kernel Version >= 6.7 < 6.11.9
LinuxLinux Kernel Version6.12 Updaterc1
LinuxLinux Kernel Version6.12 Updaterc2
LinuxLinux Kernel Version6.12 Updaterc3
LinuxLinux Kernel Version6.12 Updaterc4
LinuxLinux Kernel Version6.12 Updaterc5
LinuxLinux Kernel Version6.12 Updaterc6
LinuxLinux Kernel Version6.12 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.158
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/15f34347481648a567db67fb473c23befb796af5
Patch
https://git.kernel.org/stable/c/17ecb40c5cc7755a321fb6148cba5797431ee5b8
Patch
https://git.kernel.org/stable/c/1c28bca1256aecece6e94b26b85cd07e08b0dc90
Patch
https://git.kernel.org/stable/c/1cb5bfc5bfc651982b6203c224d49b7ddacf28bc
Patch
https://git.kernel.org/stable/c/5a72b0d3497b818d8f000c347a7c11801eb27bfc
Patch
https://git.kernel.org/stable/c/9db25c2b41c34963c3ccf473b08171f87670652e
Patch
https://git.kernel.org/stable/c/a0c77e5e3dcbffc7c6080ccc89c037f0c86496cf
Patch
https://git.kernel.org/stable/c/b3e612bd8f64ce62e731e95f635e06a2efe3c80c
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://cert-portal.siemens.com/productcert/html/ssa-355557.html