CVE-2024-26638

2024-03-1800:00:00

ubuntu.com

linux kernel

vulnerability

cve-2024-26638

nbd struct msghdr

initialization fix

bug

kmsan

uninit-value

tcp_recvmsg

drivers/block/nbd

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved: nbd:
always initialize struct msghdr completely syzbot complains that
msg->msg_get_inq value can be uninitialized [1] struct msghdr got many new
fields recently, we should always make sure their values is zero by
default. [1] BUG: KMSAN: uninit-value in tcp_recvmsg+0x686/0xac0
net/ipv4/tcp.c:2571 tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571
inet_recvmsg+0x131/0x580 net/ipv4/af_inet.c:879 sock_recvmsg_nosec
net/socket.c:1044 [inline] sock_recvmsg+0x12b/0x1e0 net/socket.c:1066
__sock_xmit+0x236/0x5c0 drivers/block/nbd.c:538 nbd_read_reply
drivers/block/nbd.c:732 [inline] recv_work+0x262/0x3100
drivers/block/nbd.c:863 process_one_work kernel/workqueue.c:2627 [inline]
process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2700
worker_thread+0xf45/0x1490 kernel/workqueue.c:2781 kthread+0x3ed/0x540
kernel/kthread.c:388 ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 Local variable
msg created at: __sock_xmit+0x4c/0x5c0 drivers/block/nbd.c:513
nbd_read_reply drivers/block/nbd.c:732 [inline] recv_work+0x262/0x3100
drivers/block/nbd.c:863 CPU: 1 PID: 7465 Comm: kworker/u5:1 Not tainted
6.7.0-rc7-syzkaller-00041-gf016f7547aee #0 Hardware name: Google Google
Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Workqueue:
nbd5-recv recv_work

Notes

Author	Note
rodrigo-zaiden	USN-6765-1 for linux-oem-6.5 wrongly stated that this CVE was fixed in version 6.5.0-1022.23. The mentioned notice was revoked and the state of the fix for linux-oem-6.5 was recovered to the previous state.

OSVersionArchitecturePackageVersionFilename
ubuntu23.10noarchlinux< 6.5.0-41.41UNKNOWN
ubuntu23.10noarchlinux-aws< 6.5.0-1021.21UNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu23.10noarchlinux-azure< 6.5.0-1022.23UNKNOWN
ubuntu22.04noarchlinux-azure-6.5< 6.5.0-1022.23~22.04.1UNKNOWN
ubuntu23.10noarchlinux-gcp< 6.5.0-1022.24UNKNOWN
ubuntu22.04noarchlinux-gcp-6.5< 6.5.0-1022.24~22.04.1UNKNOWN
ubuntu22.04noarchlinux-hwe-6.5< 6.5.0-41.41~22.04.2UNKNOWN
ubuntu23.10noarchlinux-laptop< 6.5.0-1017.20UNKNOWN
ubuntu23.10noarchlinux-lowlatency< 6.5.0-41.41.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.10	noarch	linux	< 6.5.0-41.41	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< 6.5.0-1021.21	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	23.10	noarch	linux-azure	< 6.5.0-1022.23	UNKNOWN
ubuntu	22.04	noarch	linux-azure-6.5	< 6.5.0-1022.23~22.04.1	UNKNOWN
ubuntu	23.10	noarch	linux-gcp	< 6.5.0-1022.24	UNKNOWN
ubuntu	22.04	noarch	linux-gcp-6.5	< 6.5.0-1022.24~22.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-hwe-6.5	< 6.5.0-41.41~22.04.2	UNKNOWN
ubuntu	23.10	noarch	linux-laptop	< 6.5.0-1017.20	UNKNOWN
ubuntu	23.10	noarch	linux-lowlatency	< 6.5.0-41.41.1	UNKNOWN