๐Ÿ” CVE Alert

CVE-2024-44947

UNKNOWN 0.0

fuse: Initialize beyond-EOF page contents before setting uptodate

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter).

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Sep 2, 2024
Last Updated May 11, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Linux / Linux
a1d75f258230b75d46aecdf28b2e732413028863 < 49934861514d36d0995be8e81bb3312a499d8d9a a1d75f258230b75d46aecdf28b2e732413028863 < 33168db352c7b56ae18aa55c2cae1a1c5905d30e a1d75f258230b75d46aecdf28b2e732413028863 < 4690e2171f651e2b415e3941ce17f2f7b813aff6 a1d75f258230b75d46aecdf28b2e732413028863 < 8c78303eafbf85a728dd84d1750e89240c677dd9 a1d75f258230b75d46aecdf28b2e732413028863 < 831433527773e665bdb635ab5783d0b95d1246f4 a1d75f258230b75d46aecdf28b2e732413028863 < ac42e0f0eb66af966015ee33fd355bc6f5d80cd6 a1d75f258230b75d46aecdf28b2e732413028863 < 18a067240817bee8a9360539af5d79a4bf5398a5 a1d75f258230b75d46aecdf28b2e732413028863 < 3c0da3d163eb32f1f91891efaade027fa9b245b9
Linux / Linux
2.6.36

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a git.kernel.org: https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e git.kernel.org: https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6 git.kernel.org: https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9 git.kernel.org: https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4 git.kernel.org: https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6 git.kernel.org: https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5 git.kernel.org: https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9 project-zero.issues.chromium.org: https://project-zero.issues.chromium.org/issues/42451729 lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html lists.debian.org: https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html