Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2024-41059
HistoryJul 29, 2024 - 3:15 p.m.

CVE-2024-41059

2024-07-2915:15:13
Google
osv.dev
4
linux kernel
hfsplus vulnerability
syzbot
memory allocation fix

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

7.6

Confidence

High

EPSS

0

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: fix uninit-value in copy_name

[syzbot reported]
BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160
sized_strscpy+0xc4/0x160
copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411
hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750
vfs_listxattr fs/xattr.c:493 [inline]
listxattr+0x1f3/0x6b0 fs/xattr.c:840
path_listxattr fs/xattr.c:864 [inline]
__do_sys_listxattr fs/xattr.c:876 [inline]
__se_sys_listxattr fs/xattr.c:873 [inline]
__x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873
x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
slab_post_alloc_hook mm/slub.c:3877 [inline]
slab_alloc_node mm/slub.c:3918 [inline]
kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065
kmalloc include/linux/slab.h:628 [inline]
hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699
vfs_listxattr fs/xattr.c:493 [inline]
listxattr+0x1f3/0x6b0 fs/xattr.c:840
path_listxattr fs/xattr.c:864 [inline]
__do_sys_listxattr fs/xattr.c:876 [inline]
__se_sys_listxattr fs/xattr.c:873 [inline]
__x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873
x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
[Fix]
When allocating memory to strbuf, initialize memory to 0.

Related

vulnrichment 1
cvelist 1
cve 1
debiancve 1
nvd 1
redhatcve 1
nessus 14
osv 14
openvas 6
mageia 2
vulnrichment
vulnrichment
CVE-2024-41059 hfsplus: fix uninit-value in copy_name
2024-07-29 14:57:21
cvelist
cvelist
CVE-2024-41059 hfsplus: fix uninit-value in copy_name
2024-07-29 14:57:21
cve
cve
CVE-2024-41059
2024-07-29 15:15:13
debiancve
debiancve
CVE-2024-41059
2024-07-29 15:15:13
nvd
nvd
CVE-2024-41059
2024-07-29 15:15:13
redhatcve
redhatcve
CVE-2024-41059
2024-07-31 09:14:37
nessus
nessus
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-080)
2024-08-17 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-066)
2024-08-17 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2923-1)
2024-08-16 00:00:00
osv
osv
Security update for the Linux Kernel
2024-08-13 14:06:26
Security update for the Linux Kernel
2024-08-15 07:01:07
Security update for the Linux Kernel
2024-08-16 13:48:15
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:2948-1)
2024-08-20 00:00:00
Debian: Security Advisory (DSA-5747-1)
2024-08-13 00:00:00
Mageia: Security Advisory (MGASA-2024-0278)
2024-08-07 00:00:00
mageia
mageia
Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities
2024-08-07 08:49:38
Updated kernel-linus packages fix security vulnerabilities
2024-08-07 08:49:38

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

7.6

Confidence

High

EPSS

0

Percentile

5.1%

JSON
Related for OSV:CVE-2024-41059
vulnrichment1cvelist1cve1debiancve1nvd1redhatcve1nessus14osv14openvas6mageia2