CVE-2024-53101

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.65

Description The issue is related to an uninitialized value problem in the Linux kernel, specifically in the from kuid and from kgid functions. The ocfs2 setattr() function uses attr->ia mode, attr->ia uid, and attr->ia gid in a trace point, even though ATTR MODE, ATTR UID, and ATTR GID are not set. To fix this, all fields of newattrs are initialized to avoid uninitialized variables by checking if ATTR MODE, ATTR UID, and ATTR GID are initialized, otherwise setting them to 0.

Recommendations For Linux kernel versions prior to 6.6.65, update to version 6.6.65 or later to resolve the issue. As a temporary workaround, consider disabling the ocfs2 setattr() function until a patch is available. Restrict access to the vulnerable ocfs2 module to minimize the risk of exploitation. Avoid using the parameters ia mode, ia uid, and ia gid in the affected trace point until the issue is resolved.