CVE-2024-44947
Published: Sep 2, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter).
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected a1d75f258230b75d46aecdf28b2e732413028863 - < 49934861514d36d0995be8e81bb3312a499d8d9aaffected a1d75f258230b75d46aecdf28b2e732413028863 - < 33168db352c7b56ae18aa55c2cae1a1c5905d30eaffected a1d75f258230b75d46aecdf28b2e732413028863 - < 4690e2171f651e2b415e3941ce17f2f7b813aff6affected a1d75f258230b75d46aecdf28b2e732413028863 - < 8c78303eafbf85a728dd84d1750e89240c677dd9affected a1d75f258230b75d46aecdf28b2e732413028863 - < 831433527773e665bdb635ab5783d0b95d1246f4+3 more versions |
Linux | Linux | affected 2.6.36unaffected 0 - < 2.6.36unaffected 4.19.321 - <= 4.19.*unaffected 5.4.283 - <= 5.4.*unaffected 5.10.225 - <= 5.10.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now