PT-2024-35530 · Linux+7 · Linux Kernel+7
Published: 2024-10-25 · Updated: 2025-10-03
CVE-2024-53066
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability has been resolved in the Linux kernel, related to an uninitialized variable in the decode_getfattr_attrs() function. The issue is triggered when calling decode_attr_mdsthreshold(), and it appears that fattr->mdsthreshold is not initialized. This vulnerability can cause a KMSAN warning.
Recommendations
To resolve the issue, initialize fattr->mdsthreshold to NULL in nfs_fattr_init(). As a temporary workaround, consider disabling the decode_getfattr_attrs() function until a patch is available. Restrict access to the vulnerable nfs module to minimize the risk of exploitation. Avoid using the fattr->mdsthreshold variable in the affected API endpoints until the issue is resolved.
Exploit
Fix
Use of Uninitialized Resource
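The pattern from the Description and the fix from the Recommendations, as an added user-space example (not kernel source and not part of the original advisory). The struct, the `valid` field and all function names are hypothetical stand-ins; only `mdsthreshold` comes from the advisory, and the 0xAA fill is a constructed substitute for leftover memory contents.

```c
/* Added illustration: user-space model, not kernel source. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct threshold_model { unsigned int bm; };

/* Stand-in for the attribute structure; only mdsthreshold is named in the
 * advisory, "valid" is a hypothetical second field. */
struct fattr_model {
    unsigned int valid;
    struct threshold_model *mdsthreshold;
};

typedef void (*init_fn)(struct fattr_model *);

/* Pre-fix shape: the init helper resets some state but skips mdsthreshold. */
static void init_unpatched(struct fattr_model *f) { f->valid = 0; }

/* Fixed shape, as the recommendation states: set the pointer to NULL. */
static void init_patched(struct fattr_model *f)
{
    f->valid = 0;
    f->mdsthreshold = NULL;
}

/* Models the decode path reading the field after init. The 0xAA fill is a
 * constructed, deterministic stand-in for leftover memory contents.
 * Returns 1 if the decoder would consume a stale value, 0 if it sees NULL. */
static int decoder_sees_stale_pointer(init_fn init)
{
    struct fattr_model f;
    memset(&f, 0xAA, sizeof f);
    init(&f);
    return f.mdsthreshold != NULL;
}

int main(void)
{
    printf("unpatched init: stale=%d\n", decoder_sees_stale_pointer(init_unpatched));
    printf("patched init:   stale=%d\n", decoder_sees_stale_pointer(init_patched));
    return 0;
}
```

The same check works as a regression test for any init helper: poison the object, run the helper, and assert that every pointer field the decoder later reads holds a defined value.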
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu