PT-2024-35606 · Linux+8 · Linux Kernel+8

David Disseldorp · Published 2024-10-31 · Updated 2025-10-03 · CVE-2024-53142

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux Kernel (affected versions not specified)

Description

The issue is a filename buffer overrun in the Linux kernel's initramfs handling. The initramfs filename field is defined with a specific format that includes a zero-terminator. When extracting an initramfs cpio archive, however, the kernel's path handler assumes the path is zero-terminated without checking it. If a specially crafted cpio entry carries a non-zero-terminated filename, the kernel can create a file whose name has trailing characters taken from uninitialized memory. The ability to create an initramfs entry implies already having full control of the system, so the buffer overrun is not considered a security vulnerability.

To observe the issue, one can append the output of a provided bash script to an existing initramfs and look for any created /initramfs_test_fname_overrunAA* path. The script generates a cpio entry with a non-zero-terminated filename, followed by uninitialized memory. The easiest way to observe non-zero uninitialized memory is when the output is gzipped, as it overflows the heap-allocated buffer in gunzip().
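
The check the description implies can be run offline against an unpacked initramfs image before it is shipped. The following is an added example, not kernel code and not the reproducer script mentioned above: it walks a newc-format cpio archive and reports entries whose name field does not end in a zero byte. The names `check_names`, `entry` and `SAMPLE` are hypothetical, the input is assumed to be a single uncompressed archive, and the sample archive is constructed for the demonstration.

```python
"""Flag newc cpio entries whose name field lacks the trailing NUL."""

MAGICS = (b"070701", b"070702")  # newc, and newc with checksum
HDR_LEN = 110                    # 6-byte magic + 13 fields of 8 hex digits


def align4(n: int) -> int:
    return (n + 3) & ~3


def check_names(archive: bytes):
    """Return [(header_offset, raw_name, problem)] for one uncompressed archive."""
    findings, off = [], 0
    while off + HDR_LEN <= len(archive):
        hdr = archive[off:off + HDR_LEN]
        try:
            if hdr[:6] not in MAGICS:
                raise ValueError
            fields = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        except ValueError:
            findings.append((off, b"", "bad header"))
            break
        filesize, namesize = fields[6], fields[11]
        name = archive[off + HDR_LEN:off + HDR_LEN + namesize]
        if len(name) < namesize:
            findings.append((off, name, "name truncated"))
            break
        if namesize == 0 or name[-1] != 0:
            # namesize counts the terminator, so the last byte must be NUL
            findings.append((off, name, "name not zero-terminated"))
        elif name == b"TRAILER!!!\0":
            break
        # header+name and file data are each padded to a 4-byte boundary
        off = align4(align4(off + HDR_LEN + namesize) + filesize)
    return findings


def entry(name: bytes, data: bytes = b"") -> bytes:
    """Build one newc entry for testing; `name` is written verbatim."""
    fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name), 0]
    out = b"070701" + b"".join(b"%08X" % f for f in fields) + name
    out += b"\0" * (align4(len(out)) - len(out)) + data
    return out + b"\0" * (align4(len(out)) - len(out))


# Constructed sample: one valid entry, one with no terminator, then the trailer.
SAMPLE = (entry(b"etc/hostname\0", b"demo\n")
          + entry(b"missing_nul_AA")
          + entry(b"TRAILER!!!\0"))
```

A compressed initramfs has to be decompressed first, and an image made of several concatenated archives needs one call per archive.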

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2024-17211
ALT-PU-2024-17893
ALT-PU-2025-12647
AZL-54087
AZL-54094
BDU:2025-03160
CVE-2024-53142
DLA-4075-1
DLA-4076-1
INFSA-2025_6966
OESA-2024-2569
OESA-2024-2570
OESA-2024-2571
OESA-2024-2590
OESA-2025-1016
OPENSUSE-SU-2025_0117-1
OPENSUSE-SU-2025_0153-1
OPENSUSE-SU-2025_0154-1
OPENSUSE-SU-2025_0201-1
OPENSUSE-SU-2025_0202-1
OPENSUSE-SU-2025_0203-1
OPENSUSE-SU-2025_0229-1
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2024:4367-1
SUSE-SU-2024:4388-1
SUSE-SU-2025:0035-1
SUSE-SU-2025:0117-1
SUSE-SU-2025:0153-1
SUSE-SU-2025:0154-1
SUSE-SU-2025:0201-1
SUSE-SU-2025:0201-2
SUSE-SU-2025:0202-1
SUSE-SU-2025:0203-1
SUSE-SU-2025:0229-1
SUSE-SU-2025:0230-1
SUSE-SU-2025:0231-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0201-1
SUSE-SU-2025_0201-2
SUSE-SU-2025_0202-1
SUSE-SU-2025_0203-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7391-1
USN-7392-1
USN-7392-2
USN-7392-3
USN-7392-4
USN-7393-1
USN-7401-1
USN-7407-1
USN-7413-1
USN-7421-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7463-1
USN-7468-1
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1

Affected Products

Alt Linux
Astra Linux
Debian
Linux Kernel
Linuxmint
Red Hat
Red Os
Suse
Ubuntu