CVE-2024-26901

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A kernel information leak vulnerability was identified in the do sys name to handle() function. The vulnerability allows for the disclosure of sensitive information. The issue arises from the use of kmalloc() instead of kzalloc(), leading to uninitialized memory being accessed. The vulnerability was detected by syzbot, which issued a report detailing the issue. The report indicates that the vulnerability occurs in the instrument copy to user function, specifically in the copy to user and copy to user functions. The vulnerability can be exploited to cause a denial of service.

Recommendations To resolve the issue, use kzalloc() instead of kmalloc() in the do sys name to handle() function to ensure that the allocated memory is initialized. As a temporary workaround, consider disabling the do sys name to handle() function until a patch is available. However, since the provided information suggests that the issue is resolved by using kzalloc(), the primary recommendation is to apply this fix. At the moment, there is no information about a newer version that contains a fix for this vulnerability, but using kzalloc() as suggested should mitigate the issue.