Metrics
Affected Vendors & Products
Sat, 23 Nov 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 13 Nov 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |
Wed, 16 Oct 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-402 | |
Metrics |
threat_severity
|
threat_severity
|
Mon, 16 Sep 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel |
|
Weaknesses | CWE-665 | |
CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:* |
|
Vendors & Products |
Linux
Linux linux Kernel |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 04 Sep 2024 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Tue, 03 Sep 2024 09:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Mon, 02 Sep 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). | |
Title | fuse: Initialize beyond-EOF page contents before setting uptodate | |
References |
|
Status: PUBLISHED
Assigner: Linux
Published: 2024-09-02T17:36:15.633Z
Updated: 2024-12-19T09:18:52.198Z
Reserved: 2024-08-21T05:34:56.665Z
Link: CVE-2024-44947
Updated: 2024-09-11T12:42:19.078Z
Status : Modified
Published: 2024-09-02T18:15:36.577
Modified: 2024-11-23T23:15:03.810
Link: CVE-2024-44947