CVE-2024-26901

do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak

References

Notes

 carnil> Introduced in 990d6c2d7aee ("vfs: Add name to file handle conversion support").
 carnil> Vulnerable versions: 2.6.39-rc1.

Bugs

Status

Branch Status
4.19-buster-security needed
4.19-upstream-stable released (4.19.311) [4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1]
5.10-bullseye-security released (5.10.216-1)
5.10-upstream-stable released (5.10.214) [cde76b3af247f615447bcfecf610bb76c3529126]
6.1-bookworm-security released (6.1.85-1)
6.1-upstream-stable released (6.1.83) [e6450d5e46a737a008b4885aa223486113bf0ad6]
6.6-upstream-stable released (6.6.23) [c1362eae861db28b1608b9dc23e49634fe87b63b]
6.8-upstream-stable released (6.8.2) [bf9ec1b24ab4e94345aa1c60811dd329f069c38b]
sid released (6.7.12-1)
upstream released (6.9-rc1) [3948abaa4e2be938ccdfc289385a27342fb13d43]