{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-35849","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-17T13:50:33.105Z","datePublished":"2024-05-17T14:47:27.486Z","dateUpdated":"2026-05-12T11:52:16.683Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:12:26.649Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix information leak in btrfs_ioctl_logical_to_ino()\n\nSyzbot reported the following information leak for in\nbtrfs_ioctl_logical_to_ino():\n\n  BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n  BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n   instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n   _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n   copy_to_user include/linux/uaccess.h:191 [inline]\n   btrfs_ioctl_logical_to_ino+0x440/0x750 fs/btrfs/ioctl.c:3499\n   btrfs_ioctl+0x714/0x1260\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:904 [inline]\n   __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n   __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n   x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n   do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n   do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n  Uninit was created at:\n   __kmalloc_large_node+0x231/0x370 mm/slub.c:3921\n   __do_kmalloc_node mm/slub.c:3954 [inline]\n   __kmalloc_node+0xb07/0x1060 mm/slub.c:3973\n   kmalloc_node include/linux/slab.h:648 [inline]\n   kvmalloc_node+0xc0/0x2d0 mm/util.c:634\n   kvmalloc include/linux/slab.h:766 [inline]\n   init_data_container+0x49/0x1e0 fs/btrfs/backref.c:2779\n   btrfs_ioctl_logical_to_ino+0x17c/0x750 fs/btrfs/ioctl.c:3480\n   btrfs_ioctl+0x714/0x1260\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:904 [inline]\n   __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n   __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n   x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n   do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n   do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n  Bytes 40-65535 of 65536 are uninitialized\n  Memory access of size 65536 starts at ffff888045a40000\n\nThis happens, because we're copying a 'struct btrfs_data_container' back\nto user-space. This btrfs_data_container is allocated in\n'init_data_container()' via kvmalloc(), which does not zero-fill the\nmemory.\n\nFix this by using kvzalloc() which zeroes out the memory on allocation."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/btrfs/backref.c"],"versions":[{"version":"a542ad1bafc7df9fc16de8a6894b350a4df75572","lessThan":"689efe22e9b5b7d9d523119a9a5c3c17107a0772","status":"affected","versionType":"git"},{"version":"a542ad1bafc7df9fc16de8a6894b350a4df75572","lessThan":"73db209dcd4ae026021234d40cfcb2fb5b564b86","status":"affected","versionType":"git"},{"version":"a542ad1bafc7df9fc16de8a6894b350a4df75572","lessThan":"30189e54ba80e3209d34cfeea87b848f6ae025e6","status":"affected","versionType":"git"},{"version":"a542ad1bafc7df9fc16de8a6894b350a4df75572","lessThan":"e58047553a4e859dafc8d1d901e1de77c9dd922d","status":"affected","versionType":"git"},{"version":"a542ad1bafc7df9fc16de8a6894b350a4df75572","lessThan":"8bdbcfaf3eac42f98e5486b3d7e130fa287811f6","status":"affected","versionType":"git"},{"version":"a542ad1bafc7df9fc16de8a6894b350a4df75572","lessThan":"3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc","status":"affected","versionType":"git"},{"version":"a542ad1bafc7df9fc16de8a6894b350a4df75572","lessThan":"fddc19631c51d9c17d43e9f822a7bc403af88d54","status":"affected","versionType":"git"},{"version":"a542ad1bafc7df9fc16de8a6894b350a4df75572","lessThan":"2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/btrfs/backref.c"],"versions":[{"version":"3.2","status":"affected"},{"version":"0","lessThan":"3.2","status":"unaffected","versionType":"semver"},{"version":"4.19.313","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.275","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.216","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.158","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.90","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.30","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.9","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"4.19.313"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"5.4.275"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"5.10.216"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"5.15.158"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.1.90"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.6.30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.8.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772"},{"url":"https://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86"},{"url":"https://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6"},{"url":"https://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d"},{"url":"https://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6"},{"url":"https://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc"},{"url":"https://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54"},{"url":"https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf"}],"title":"btrfs: fix information leak in btrfs_ioctl_logical_to_ino()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-35849","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-23T19:26:21.803612Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:34:01.668Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T03:21:48.438Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","tags":["x_transferred"]}]},{"x_adpType":"supplier","providerMetadata":{"orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP","dateUpdated":"2026-05-12T11:52:16.683Z"},"affected":[{"vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}]}]},"dataVersion":"5.2"}