CVE-2024-42312
MEDIUMLinux Kernel 4.9.187-4.9.x - Use of Uninitialized Resource in sysctl
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize i_uid/i_gid Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was not implemented. It also missed adjusting net_ctl_set_ownership() to use the same default values in case the computation of a better value failed.
References (9)
Core 9
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Scores
CVSS v3
5.5
EPSS
0.0022
EPSS Percentile
12.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-908
Status
published
Products (25)
Linux/Linux
< 5.3
Linux/Linux
14cc90952cef94bfa89a6b4a2f55fd9a70f50a16
Linux/Linux
2c7b50c7b1d036f71acd9a917a8cb0f9b6e43dab
Linux/Linux
2cbf2af144f0cd08a3361c6299b2e6086b7d21d9
Linux/Linux
4.14.135 - 4.15
Linux/Linux
4.19.61 - 4.20
Linux/Linux
4.9.187 - 4.10
Linux/Linux
5.1.20 - 5.2
Linux/Linux
5.10.224 - 5.10.*
Linux/Linux
5.15.165 - 5.15.*
... and 15 more
Published
Aug 17, 2024
Tracked Since
Feb 18, 2026