{"id":"CVE-2024-44947","summary":"fuse: Initialize beyond-EOF page contents before setting uptodate","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).","modified":"2026-04-16T04:31:21.159104523Z","published":"2024-09-02T17:36:15.633Z","related":["SUSE-SU-2024:3190-1","SUSE-SU-2024:3209-1","SUSE-SU-2024:3225-1","SUSE-SU-2024:3227-1","SUSE-SU-2024:3249-1","SUSE-SU-2024:3408-1","SUSE-SU-2024:3467-1","SUSE-SU-2024:3483-1","SUSE-SU-2024:3499-1","SUSE-SU-2024:3551-1","SUSE-SU-2024:3553-1","SUSE-SU-2024:3559-1","SUSE-SU-2024:3561-1","SUSE-SU-2024:3564-1","SUSE-SU-2024:3566-1","SUSE-SU-2024:3591-1","SUSE-SU-2024:3983-1","SUSE-SU-2024:3985-1","SUSE-SU-2024:4038-1","SUSE-SU-2024:4081-1","SUSE-SU-2024:4082-1","SUSE-SU-2024:4103-1","SUSE-SU-2024:4131-1","SUSE-SU-2024:4140-1","SUSE-SU-2024:4364-1","SUSE-SU-2025:20073-1","SUSE-SU-2025:20077-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/44xxx/CVE-2024-44947.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"WEB","url":"https://project-zero.issues.chromium.org/issues/42451729"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/44xxx/CVE-2024-44947.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-44947"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a1d75f258230b75d46aecdf28b2e732413028863"},{"fixed":"49934861514d36d0995be8e81bb3312a499d8d9a"},{"fixed":"33168db352c7b56ae18aa55c2cae1a1c5905d30e"},{"fixed":"4690e2171f651e2b415e3941ce17f2f7b813aff6"},{"fixed":"8c78303eafbf85a728dd84d1750e89240c677dd9"},{"fixed":"831433527773e665bdb635ab5783d0b95d1246f4"},{"fixed":"ac42e0f0eb66af966015ee33fd355bc6f5d80cd6"},{"fixed":"18a067240817bee8a9360539af5d79a4bf5398a5"},{"fixed":"3c0da3d163eb32f1f91891efaade027fa9b245b9"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-44947.json"}}],"schema_version":"1.7.5"}