{"uuid": "9555028e-7185-425a-8b79-d1ae4c83acd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53155", "type": "seen", "source": "https://t.me/cvedetector/13596", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53155 - Apache Io uring uninitialized Struct Kiocb Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53155 \nPublished : Dec. 24, 2024, 12:15 p.m. | 45\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nocfs2: fix uninitialized value in ocfs2_file_read_iter()  \n  \nSyzbot has reported the following KMSAN splat:  \n  \nBUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80  \n ocfs2_file_read_iter+0x9a4/0xf80  \n __io_read+0x8d4/0x20f0  \n io_read+0x3e/0xf0  \n io_issue_sqe+0x42b/0x22c0  \n io_wq_submit_work+0xaf9/0xdc0  \n io_worker_handle_work+0xd13/0x2110  \n io_wq_worker+0x447/0x1410  \n ret_from_fork+0x6f/0x90  \n ret_from_fork_asm+0x1a/0x30  \n  \nUninit was created at:  \n __alloc_pages_noprof+0x9a7/0xe00  \n alloc_pages_mpol_noprof+0x299/0x990  \n alloc_pages_noprof+0x1bf/0x1e0  \n allocate_slab+0x33a/0x1250  \n ___slab_alloc+0x12ef/0x35e0  \n kmem_cache_alloc_bulk_noprof+0x486/0x1330  \n __io_alloc_req_refill+0x84/0x560  \n io_submit_sqes+0x172f/0x2f30  \n __se_sys_io_uring_enter+0x406/0x41c0  \n __x64_sys_io_uring_enter+0x11f/0x1a0  \n x64_sys_call+0x2b54/0x3ba0  \n do_syscall_64+0xcd/0x1e0  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f  \n  \nSince an instance of 'struct kiocb' may be passed from the block layer  \nwith 'private' field uninitialized, introduce 'ocfs2_iocb_init_rw_locked()'  \nand use it from where 'ocfs2_dio_end_io()' might take care, i.e. in  \n'ocfs2_file_read_iter()' and 'ocfs2_file_write_iter()'. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-24T14:24:29.000000Z"}