{ "threat_severity" : "Low", "public_date" : "2024-03-18T00:00:00Z", "bugzilla" : { "description" : "kernel: nbd: always initialize struct msghdr completely", "id" : "2270103", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2270103" }, "cvss3" : { "cvss3_base_score" : "4.4", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-456", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnbd: always initialize struct msghdr completely\nsyzbot complains that msg->msg_get_inq value can be uninitialized [1]\nstruct msghdr got many new fields recently, we should always make\nsure their values is zero by default.\n[1]\nBUG: KMSAN: uninit-value in tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571\ntcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571\ninet_recvmsg+0x131/0x580 net/ipv4/af_inet.c:879\nsock_recvmsg_nosec net/socket.c:1044 [inline]\nsock_recvmsg+0x12b/0x1e0 net/socket.c:1066\n__sock_xmit+0x236/0x5c0 drivers/block/nbd.c:538\nnbd_read_reply drivers/block/nbd.c:732 [inline]\nrecv_work+0x262/0x3100 drivers/block/nbd.c:863\nprocess_one_work kernel/workqueue.c:2627 [inline]\nprocess_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2700\nworker_thread+0xf45/0x1490 kernel/workqueue.c:2781\nkthread+0x3ed/0x540 kernel/kthread.c:388\nret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147\nret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242\nLocal variable msg created at:\n__sock_xmit+0x4c/0x5c0 drivers/block/nbd.c:513\nnbd_read_reply drivers/block/nbd.c:732 [inline]\nrecv_work+0x262/0x3100 drivers/block/nbd.c:863\nCPU: 1 PID: 7465 Comm: kworker/u5:1 Not tainted 6.7.0-rc7-syzkaller-00041-gf016f7547aee #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\nWorkqueue: nbd5-recv recv_work" ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-09-24T00:00:00Z", "advisory" : "RHSA-2024:7000", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-553.22.1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-06-25T00:00:00Z", "advisory" : "RHSA-2025:9584", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "kernel-0:5.14.0-427.74.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-26638\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26638\nhttps://lore.kernel.org/linux-cve-announce/20240318101458.2835626-16-lee@kernel.org/T" ], "name" : "CVE-2024-26638", "csaw" : false }