Описание
In the Linux kernel, the following vulnerability has been resolved:
block: initialize integrity buffer to zero before writing it to media
Metadata added by bio_integrity_prep is using plain kmalloc, which leads
to random kernel memory being written media. For PI metadata this is
limited to the app tag that isn't used by kernel generated metadata,
but for non-PI metadata the entire buffer leaks kernel memory.
Fix this by adding the __GFP_ZERO flag to allocations for writes.
A flaw was found in the Linux kernel, where it initialized the integrity buffer to zero before writing it to media. Metadata added by bio_integrity_prep uses plain kmalloc, which leads to random kernel memory being written. Protection Information (PI) metadata is limited to the app tag not used by kernel-generated metadata, but for non-PI metadata, the entire buffer leaks kernel memory, potentially exposing sensitive internal kernel data.
Меры по смягчению последствий
Fix this issue by adding the __GFP_ZERO flag to allocations for writes.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2024:8870 | 05.11.2024 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2024:8856 | 05.11.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2024:10939 | 11.12.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2024:8617 | 30.10.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2024:10939 | 11.12.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2024:8617 | 30.10.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: block: initialize integrity buffer to zero before writing it to media Metadata added by bio_integrity_prep is using plain kmalloc, which leads to random kernel memory being written media. For PI metadata this is limited to the app tag that isn't used by kernel generated metadata, but for non-PI metadata the entire buffer leaks kernel memory. Fix this by adding the __GFP_ZERO flag to allocations for writes.
In the Linux kernel, the following vulnerability has been resolved: block: initialize integrity buffer to zero before writing it to media Metadata added by bio_integrity_prep is using plain kmalloc, which leads to random kernel memory being written media. For PI metadata this is limited to the app tag that isn't used by kernel generated metadata, but for non-PI metadata the entire buffer leaks kernel memory. Fix this by adding the __GFP_ZERO flag to allocations for writes.
In the Linux kernel, the following vulnerability has been resolved: b ...
In the Linux kernel, the following vulnerability has been resolved: block: initialize integrity buffer to zero before writing it to media Metadata added by bio_integrity_prep is using plain kmalloc, which leads to random kernel memory being written media. For PI metadata this is limited to the app tag that isn't used by kernel generated metadata, but for non-PI metadata the entire buffer leaks kernel memory. Fix this by adding the __GFP_ZERO flag to allocations for writes.
EPSS
5.5 Medium
CVSS3