{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-53066","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-11-19T17:17:24.975Z","datePublished":"2024-11-19T17:22:35.389Z","dateUpdated":"2025-11-03T22:28:59.261Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:52:05.745Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Fix KMSAN warning in decode_getfattr_attrs()\n\nFix the following KMSAN warning:\n\nCPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G    B\nTainted: [B]=BAD_PAGE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009)\n=====================================================\n=====================================================\nBUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_generic+0x806/0xb00\n nfs4_xdr_dec_getattr+0x1de/0x240\n rpcauth_unwrap_resp_decode+0xab/0x100\n rpcauth_unwrap_resp+0x95/0xc0\n call_decode+0x4ff/0xb50\n __rpc_execute+0x57b/0x19d0\n rpc_execute+0x368/0x5e0\n rpc_run_task+0xcfe/0xee0\n nfs4_proc_getattr+0x5b5/0x990\n __nfs_revalidate_inode+0x477/0xd00\n nfs_access_get_cached+0x1021/0x1cc0\n nfs_do_access+0x9f/0xae0\n nfs_permission+0x1e4/0x8c0\n inode_permission+0x356/0x6c0\n link_path_walk+0x958/0x1330\n path_lookupat+0xce/0x6b0\n filename_lookup+0x23e/0x770\n vfs_statx+0xe7/0x970\n vfs_fstatat+0x1f2/0x2c0\n __se_sys_newfstatat+0x67/0x880\n __x64_sys_newfstatat+0xbd/0x120\n x64_sys_call+0x1826/0x3cf0\n do_syscall_64+0xd0/0x1b0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe KMSAN warning is triggered in decode_getfattr_attrs(), when calling\ndecode_attr_mdsthreshold(). It appears that fattr->mdsthreshold is not\ninitialized.\n\nFix the issue by initializing fattr->mdsthreshold to NULL in\nnfs_fattr_init()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/nfs/inode.c"],"versions":[{"version":"88034c3d88c2c48b215f2cc5eb22e564aa817f9c","lessThan":"25ffd294fef81a7f3cd9528adf21560c04d98747","status":"affected","versionType":"git"},{"version":"88034c3d88c2c48b215f2cc5eb22e564aa817f9c","lessThan":"bbfcd261cc068fe1cd02a4e871275074a0daa4e2","status":"affected","versionType":"git"},{"version":"88034c3d88c2c48b215f2cc5eb22e564aa817f9c","lessThan":"8fc5ea9231af9122d227c9c13f5e578fca48d2e3","status":"affected","versionType":"git"},{"version":"88034c3d88c2c48b215f2cc5eb22e564aa817f9c","lessThan":"9b453e8b108a5a93a6e348cf2ba4c9c138314a00","status":"affected","versionType":"git"},{"version":"88034c3d88c2c48b215f2cc5eb22e564aa817f9c","lessThan":"f6b2b2b981af8e7d7c62d34143acefa4e1edfe8b","status":"affected","versionType":"git"},{"version":"88034c3d88c2c48b215f2cc5eb22e564aa817f9c","lessThan":"f749cb60a01f8391c760a1d6ecd938cadacf9549","status":"affected","versionType":"git"},{"version":"88034c3d88c2c48b215f2cc5eb22e564aa817f9c","lessThan":"9be0a21ae52b3b822d0eec4d14e909ab394f8a92","status":"affected","versionType":"git"},{"version":"88034c3d88c2c48b215f2cc5eb22e564aa817f9c","lessThan":"dc270d7159699ad6d11decadfce9633f0f71c1db","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/nfs/inode.c"],"versions":[{"version":"3.5","status":"affected"},{"version":"0","lessThan":"3.5","status":"unaffected","versionType":"semver"},{"version":"4.19.324","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.286","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.230","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.172","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.117","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.61","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.11.8","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"4.19.324"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"5.4.286"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"5.10.230"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"5.15.172"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.1.117"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.6.61"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.11.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.12"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/25ffd294fef81a7f3cd9528adf21560c04d98747"},{"url":"https://git.kernel.org/stable/c/bbfcd261cc068fe1cd02a4e871275074a0daa4e2"},{"url":"https://git.kernel.org/stable/c/8fc5ea9231af9122d227c9c13f5e578fca48d2e3"},{"url":"https://git.kernel.org/stable/c/9b453e8b108a5a93a6e348cf2ba4c9c138314a00"},{"url":"https://git.kernel.org/stable/c/f6b2b2b981af8e7d7c62d34143acefa4e1edfe8b"},{"url":"https://git.kernel.org/stable/c/f749cb60a01f8391c760a1d6ecd938cadacf9549"},{"url":"https://git.kernel.org/stable/c/9be0a21ae52b3b822d0eec4d14e909ab394f8a92"},{"url":"https://git.kernel.org/stable/c/dc270d7159699ad6d11decadfce9633f0f71c1db"}],"title":"nfs: Fix KMSAN warning in decode_getfattr_attrs()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2024-53066","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2025-10-01T20:12:33.440422Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-908","description":"CWE-908 Use of Uninitialized Resource"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-01T20:17:16.602Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:28:59.261Z"}}]}}