CVE-2024-26901

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak<br /> <br /> syzbot identified a kernel information leak vulnerability in<br /> do_sys_name_to_handle() and issued the following report [1].<br /> <br /> [1]<br /> "BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]<br /> BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40<br /> instrument_copy_to_user include/linux/instrumented.h:114 [inline]<br /> _copy_to_user+0xbc/0x100 lib/usercopy.c:40<br /> copy_to_user include/linux/uaccess.h:191 [inline]<br /> do_sys_name_to_handle fs/fhandle.c:73 [inline]<br /> __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]<br /> __se_sys_name_to_handle_at+0x949/0xb10 fs/fhandle.c:94<br /> __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94<br /> ...<br /> <br /> Uninit was created at:<br /> slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768<br /> slab_alloc_node mm/slub.c:3478 [inline]<br /> __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517<br /> __do_kmalloc_node mm/slab_common.c:1006 [inline]<br /> __kmalloc+0x121/0x3c0 mm/slab_common.c:1020<br /> kmalloc include/linux/slab.h:604 [inline]<br /> do_sys_name_to_handle fs/fhandle.c:39 [inline]<br /> __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]<br /> __se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94<br /> __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94<br /> ...<br /> <br /> Bytes 18-19 of 20 are uninitialized<br /> Memory access of size 20 starts at ffff888128a46380<br /> Data copied to user address 0000000020000240"<br /> <br /> Per Chuck Lever&amp;#39;s suggestion, use kzalloc() instead of kmalloc() to<br /> solve the problem.