{"id":"CVE-2024-53066","summary":"nfs: Fix KMSAN warning in decode_getfattr_attrs()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Fix KMSAN warning in decode_getfattr_attrs()\n\nFix the following KMSAN warning:\n\nCPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G    B\nTainted: [B]=BAD_PAGE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009)\n=====================================================\n=====================================================\nBUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_generic+0x806/0xb00\n nfs4_xdr_dec_getattr+0x1de/0x240\n rpcauth_unwrap_resp_decode+0xab/0x100\n rpcauth_unwrap_resp+0x95/0xc0\n call_decode+0x4ff/0xb50\n __rpc_execute+0x57b/0x19d0\n rpc_execute+0x368/0x5e0\n rpc_run_task+0xcfe/0xee0\n nfs4_proc_getattr+0x5b5/0x990\n __nfs_revalidate_inode+0x477/0xd00\n nfs_access_get_cached+0x1021/0x1cc0\n nfs_do_access+0x9f/0xae0\n nfs_permission+0x1e4/0x8c0\n inode_permission+0x356/0x6c0\n link_path_walk+0x958/0x1330\n path_lookupat+0xce/0x6b0\n filename_lookup+0x23e/0x770\n vfs_statx+0xe7/0x970\n vfs_fstatat+0x1f2/0x2c0\n __se_sys_newfstatat+0x67/0x880\n __x64_sys_newfstatat+0xbd/0x120\n x64_sys_call+0x1826/0x3cf0\n do_syscall_64+0xd0/0x1b0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe KMSAN warning is triggered in decode_getfattr_attrs(), when calling\ndecode_attr_mdsthreshold(). It appears that fattr-\u003emdsthreshold is not\ninitialized.\n\nFix the issue by initializing fattr-\u003emdsthreshold to NULL in\nnfs_fattr_init().","modified":"2026-04-02T12:22:42.114565Z","published":"2024-11-19T17:22:35.389Z","related":["SUSE-SU-2024:4314-1","SUSE-SU-2024:4315-1","SUSE-SU-2024:4316-1","SUSE-SU-2024:4318-1","SUSE-SU-2024:4364-1","SUSE-SU-2024:4367-1","SUSE-SU-2024:4376-1","SUSE-SU-2024:4387-1","SUSE-SU-2025:0035-1","SUSE-SU-2025:20163-1","SUSE-SU-2025:20164-1","SUSE-SU-2025:20246-1","SUSE-SU-2025:20247-1","USN-7276-1","USN-7277-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53066.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/25ffd294fef81a7f3cd9528adf21560c04d98747"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8fc5ea9231af9122d227c9c13f5e578fca48d2e3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9b453e8b108a5a93a6e348cf2ba4c9c138314a00"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9be0a21ae52b3b822d0eec4d14e909ab394f8a92"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bbfcd261cc068fe1cd02a4e871275074a0daa4e2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dc270d7159699ad6d11decadfce9633f0f71c1db"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f6b2b2b981af8e7d7c62d34143acefa4e1edfe8b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f749cb60a01f8391c760a1d6ecd938cadacf9549"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53066.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53066"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"88034c3d88c2c48b215f2cc5eb22e564aa817f9c"},{"fixed":"25ffd294fef81a7f3cd9528adf21560c04d98747"},{"fixed":"bbfcd261cc068fe1cd02a4e871275074a0daa4e2"},{"fixed":"8fc5ea9231af9122d227c9c13f5e578fca48d2e3"},{"fixed":"9b453e8b108a5a93a6e348cf2ba4c9c138314a00"},{"fixed":"f6b2b2b981af8e7d7c62d34143acefa4e1edfe8b"},{"fixed":"f749cb60a01f8391c760a1d6ecd938cadacf9549"},{"fixed":"9be0a21ae52b3b822d0eec4d14e909ab394f8a92"},{"fixed":"dc270d7159699ad6d11decadfce9633f0f71c1db"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53066.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}