{ "affected": [ { "ranges": [ { "events": [ { "introduced": "7cdfc3a1c3971c9125c317cb8c2525745851798e" }, { "fixed": "6c8f8d1e595dabd5389817f6d798cc8bd95c40ab" }, { "fixed": "f4078ef38d3163e6be47403a619558b19c4bfccd" }, { "fixed": "66b7ddd1804e2c4216dd7ead8eeb746cdbb3b62f" }, { "fixed": "8c966150d5abff58c3c2bdb9a6e63fd773782905" }, { "fixed": "83f8713a0ef1d55d6a287bcfadcaab8245ac5098" }, { "fixed": "8e0de82ed18ba0e71f817adbd81317fd1032ca5a" }, { "fixed": "366c933c2ab34dd6551acc03b4872726b7605143" }, { "fixed": "dc78efe556fed162d48736ef24066f42e463e27c" }, { "fixed": "adc77b19f62d7e80f98400b2fca9d700d2afdd6f" } ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "type": "GIT" } ] }, { "package": { "ecosystem": "Linux", "name": "Kernel" }, "ranges": [ { "events": [ { "introduced": "2.6.22" }, { "fixed": "4.19.325" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.20.0" }, { "fixed": "5.4.287" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.5.0" }, { "fixed": "5.10.231" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.11.0" }, { "fixed": "5.15.174" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.16.0" }, { "fixed": "6.1.120" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "6.2.0" }, { "fixed": "6.6.64" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "6.7.0" }, { "fixed": "6.11.11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "6.12.0" }, { "fixed": "6.12.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53155.json" }, "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix uninitialized value in ocfs2_file_read_iter()\n\nSyzbot has reported the following KMSAN splat:\n\nBUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80\n ocfs2_file_read_iter+0x9a4/0xf80\n __io_read+0x8d4/0x20f0\n io_read+0x3e/0xf0\n io_issue_sqe+0x42b/0x22c0\n io_wq_submit_work+0xaf9/0xdc0\n io_worker_handle_work+0xd13/0x2110\n io_wq_worker+0x447/0x1410\n ret_from_fork+0x6f/0x90\n ret_from_fork_asm+0x1a/0x30\n\nUninit was created at:\n __alloc_pages_noprof+0x9a7/0xe00\n alloc_pages_mpol_noprof+0x299/0x990\n alloc_pages_noprof+0x1bf/0x1e0\n allocate_slab+0x33a/0x1250\n ___slab_alloc+0x12ef/0x35e0\n kmem_cache_alloc_bulk_noprof+0x486/0x1330\n __io_alloc_req_refill+0x84/0x560\n io_submit_sqes+0x172f/0x2f30\n __se_sys_io_uring_enter+0x406/0x41c0\n __x64_sys_io_uring_enter+0x11f/0x1a0\n x64_sys_call+0x2b54/0x3ba0\n do_syscall_64+0xcd/0x1e0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nSince an instance of 'struct kiocb' may be passed from the block layer\nwith 'private' field uninitialized, introduce 'ocfs2_iocb_init_rw_locked()'\nand use it from where 'ocfs2_dio_end_io()' might take care, i.e. in\n'ocfs2_file_read_iter()' and 'ocfs2_file_write_iter()'.", "id": "CVE-2024-53155", "modified": "2025-12-04T02:33:39.156528891Z", "published": "2024-12-24T11:28:54.241Z", "references": [ { "type": "PACKAGE", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/366c933c2ab34dd6551acc03b4872726b7605143" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/66b7ddd1804e2c4216dd7ead8eeb746cdbb3b62f" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/6c8f8d1e595dabd5389817f6d798cc8bd95c40ab" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/83f8713a0ef1d55d6a287bcfadcaab8245ac5098" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/8c966150d5abff58c3c2bdb9a6e63fd773782905" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/8e0de82ed18ba0e71f817adbd81317fd1032ca5a" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/adc77b19f62d7e80f98400b2fca9d700d2afdd6f" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/dc78efe556fed162d48736ef24066f42e463e27c" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/f4078ef38d3163e6be47403a619558b19c4bfccd" }, { "type": "ADVISORY", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53155.json" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53155" } ], "schema_version": "1.7.3", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "type": "CVSS_V3" } ], "summary": "ocfs2: fix uninitialized value in ocfs2_file_read_iter()" }