{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-39301","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-06-24T13:53:25.535Z","datePublished":"2024-06-25T14:22:41.566Z","dateUpdated":"2025-05-04T09:16:16.375Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:16:16.375Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: fix uninit-value in p9_client_rpc()\n\nSyzbot with the help of KMSAN reported the following error:\n\nBUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline]\nBUG: KMSAN: uninit-value in p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n trace_9p_client_res include/trace/events/9p.h:146 [inline]\n p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n __alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2175 [inline]\n allocate_slab mm/slub.c:2338 [inline]\n new_slab+0x2de/0x1400 mm/slub.c:2391\n ___slab_alloc+0x1184/0x33d0 mm/slub.c:3525\n __slab_alloc mm/slub.c:3610 [inline]\n __slab_alloc_node mm/slub.c:3663 [inline]\n slab_alloc_node mm/slub.c:3835 [inline]\n kmem_cache_alloc+0x6d3/0xbe0 mm/slub.c:3852\n p9_tag_alloc net/9p/client.c:278 [inline]\n p9_client_prepare_req+0x20a/0x1770 net/9p/client.c:641\n p9_client_rpc+0x27e/0x1340 net/9p/client.c:688\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nIf p9_check_errors() fails early in p9_client_rpc(), req->rc.tag\nwill not be properly initialized. However, trace_9p_client_res()\nends up trying to print it out anyway before p9_client_rpc()\nfinishes.\n\nFix this issue by assigning default values to p9_fcall fields\nsuch as 'tag' and (just in case KMSAN unearths something new) 'id'\nduring the tag allocation stage."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/9p/client.c"],"versions":[{"version":"348b59012e5c6402741d067cf6eeeb6271999d06","lessThan":"72c5d8e416ecc46af370a1340b3db5ff0b0cc867","status":"affected","versionType":"git"},{"version":"348b59012e5c6402741d067cf6eeeb6271999d06","lessThan":"2101901dd58c6da4924bc5efb217a1d83436290b","status":"affected","versionType":"git"},{"version":"348b59012e5c6402741d067cf6eeeb6271999d06","lessThan":"124947855564572713d705a13be7d0c9dae16a17","status":"affected","versionType":"git"},{"version":"348b59012e5c6402741d067cf6eeeb6271999d06","lessThan":"89969ffbeb948ffc159d19252e7469490103011b","status":"affected","versionType":"git"},{"version":"348b59012e5c6402741d067cf6eeeb6271999d06","lessThan":"ca71f204711ad24113e8b344dc5bb8b0385f5672","status":"affected","versionType":"git"},{"version":"348b59012e5c6402741d067cf6eeeb6271999d06","lessThan":"6c1791130b781c843572fb6391c4a4c5d857ab17","status":"affected","versionType":"git"},{"version":"348b59012e5c6402741d067cf6eeeb6271999d06","lessThan":"fe5c604053c36c62af24eee8a76407d026ea5163","status":"affected","versionType":"git"},{"version":"348b59012e5c6402741d067cf6eeeb6271999d06","lessThan":"25460d6f39024cc3b8241b14c7ccf0d6f11a736a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/9p/client.c"],"versions":[{"version":"3.2","status":"affected"},{"version":"0","lessThan":"3.2","status":"unaffected","versionType":"semver"},{"version":"4.19.316","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.278","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.219","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.161","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.94","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.34","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.5","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"4.19.316"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"5.4.278"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"5.10.219"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"5.15.161"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.1.94"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.6.34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.9.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/72c5d8e416ecc46af370a1340b3db5ff0b0cc867"},{"url":"https://git.kernel.org/stable/c/2101901dd58c6da4924bc5efb217a1d83436290b"},{"url":"https://git.kernel.org/stable/c/124947855564572713d705a13be7d0c9dae16a17"},{"url":"https://git.kernel.org/stable/c/89969ffbeb948ffc159d19252e7469490103011b"},{"url":"https://git.kernel.org/stable/c/ca71f204711ad24113e8b344dc5bb8b0385f5672"},{"url":"https://git.kernel.org/stable/c/6c1791130b781c843572fb6391c4a4c5d857ab17"},{"url":"https://git.kernel.org/stable/c/fe5c604053c36c62af24eee8a76407d026ea5163"},{"url":"https://git.kernel.org/stable/c/25460d6f39024cc3b8241b14c7ccf0d6f11a736a"}],"title":"net/9p: fix uninit-value in p9_client_rpc()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-25T15:42:59.168505Z","id":"CVE-2024-39301","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-25T15:43:08.345Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T04:19:20.748Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/72c5d8e416ecc46af370a1340b3db5ff0b0cc867","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2101901dd58c6da4924bc5efb217a1d83436290b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/124947855564572713d705a13be7d0c9dae16a17","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/89969ffbeb948ffc159d19252e7469490103011b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ca71f204711ad24113e8b344dc5bb8b0385f5672","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6c1791130b781c843572fb6391c4a4c5d857ab17","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/fe5c604053c36c62af24eee8a76407d026ea5163","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/25460d6f39024cc3b8241b14c7ccf0d6f11a736a","tags":["x_transferred"]}]}]}}