
CVE-2024-39301: Vulnerability in Linux Linux

High
Published: Tue Jun 25 2024 (06/25/2024, 14:22:41 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net/9p: fix uninit-value in p9_client_rpc()

Syzbot with the help of KMSAN reported the following error:

BUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline]
BUG: KMSAN: uninit-value in p9_client_rpc+0x1314/0x1340 net/9p/client.c:754
 trace_9p_client_res include/trace/events/9p.h:146 [inline]
 p9_client_rpc+0x1314/0x1340 net/9p/client.c:754
 p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031
 v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410
 v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122
 legacy_get_tree+0x114/0x290 fs/fs_context.c:662
 vfs_get_tree+0xa7/0x570 fs/super.c:1797
 do_new_mount+0x71f/0x15e0 fs/namespace.c:3352
 path_mount+0x742/0x1f20 fs/namespace.c:3679
 do_mount fs/namespace.c:3692 [inline]
 __do_sys_mount fs/namespace.c:3898 [inline]
 __se_sys_mount+0x725/0x810 fs/namespace.c:3875
 __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

Uninit was created at:
 __alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598
 __alloc_pages_node include/linux/gfp.h:238 [inline]
 alloc_pages_node include/linux/gfp.h:261 [inline]
 alloc_slab_page mm/slub.c:2175 [inline]
 allocate_slab mm/slub.c:2338 [inline]
 new_slab+0x2de/0x1400 mm/slub.c:2391
 ___slab_alloc+0x1184/0x33d0 mm/slub.c:3525
 __slab_alloc mm/slub.c:3610 [inline]
 __slab_alloc_node mm/slub.c:3663 [inline]
 slab_alloc_node mm/slub.c:3835 [inline]
 kmem_cache_alloc+0x6d3/0xbe0 mm/slub.c:3852
 p9_tag_alloc net/9p/client.c:278 [inline]
 p9_client_prepare_req+0x20a/0x1770 net/9p/client.c:641
 p9_client_rpc+0x27e/0x1340 net/9p/client.c:688
 p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031
 v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410
 v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122
 legacy_get_tree+0x114/0x290 fs/fs_context.c:662
 vfs_get_tree+0xa7/0x570 fs/super.c:1797
 do_new_mount+0x71f/0x15e0 fs/namespace.c:3352
 path_mount+0x742/0x1f20 fs/namespace.c:3679
 do_mount fs/namespace.c:3692 [inline]
 __do_sys_mount fs/namespace.c:3898 [inline]
 __se_sys_mount+0x725/0x810 fs/namespace.c:3875
 __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

If p9_check_errors() fails early in p9_client_rpc(), req->rc.tag will not be properly initialized. However, trace_9p_client_res() ends up trying to print it out anyway before p9_client_rpc() finishes.

Fix this issue by assigning default values to p9_fcall fields such as 'tag' and (just in case KMSAN unearths something new) 'id' during the tag allocation stage.

AI-Powered Analysis

Last updated: 06/29/2025, 12:26:36 UTC

Technical Analysis

CVE-2024-39301 is a vulnerability in the Linux kernel's 9P protocol client implementation, specifically within the p9_client_rpc() function. The 9P protocol is used primarily for network file system operations, notably in virtualized environments and container setups where file system resources are shared. The issue arises from an uninitialized value usage detected by Kernel Memory Sanitizer (KMSAN) during the execution of p9_client_rpc(). If the function p9_check_errors() fails early, the request's tag field (req->rc.tag) is not properly initialized. Despite this, trace_9p_client_res() attempts to log this tag, leading to the use of uninitialized memory. This can cause undefined behavior, including potential kernel crashes or information leaks. The root cause is that default values were not assigned to critical fields such as 'tag' and 'id' during the tag allocation phase in p9_tag_alloc. The fix involves initializing these fields to safe default values to prevent KMSAN warnings and eliminate the use of uninitialized data. This vulnerability was discovered and reported by Syzbot with KMSAN assistance and affects multiple versions of the Linux kernel identified by the commit hash 348b59012e5c6402741d067cf6eeeb6271999d06. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability impacts the kernel's stability and reliability, particularly in environments relying on the 9P protocol for file system operations, such as virtual machines and containerized applications.
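The pattern described above, reduced to a userspace C model (an added example, not kernel code and not taken from the patch). All names are hypothetical; the 0xAA fill stands in for stale slab contents, and the defaults MODEL_NOTAG and 0 are assumptions, since the page does not state the values the fix assigns.

```c
/* Userspace model of the bug pattern. Not kernel code; every name is hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_NOTAG 0xFFFFu /* assumed default; the page does not name the value */

struct fcall_model { uint32_t size; uint8_t id; uint16_t tag; };
struct req_model   { struct fcall_model tc, rc; };

/* One-object "slab": handed out again without being cleared. */
static struct req_model slab_obj;

/* A previous user of the object leaves its bytes behind (constructed stale data). */
static void leave_stale_data(void) { memset(&slab_obj, 0xAA, sizeof slab_obj); }

/* Tag allocation. init_defaults = 0 models the code before the fix, 1 after it. */
static struct req_model *tag_alloc(uint16_t tag, int init_defaults)
{
    struct req_model *req = &slab_obj;
    req->tc.tag = tag;             /* the request side is always filled in */
    if (init_defaults) {
        req->rc.tag = MODEL_NOTAG; /* reply side gets defaults at allocation */
        req->rc.id = 0;
    }
    return req;
}

/* Reply check: on success it parses the reply header and sets rc.tag. */
static int check_errors(struct req_model *req, int fail_early)
{
    if (fail_early)
        return -1;                 /* returns before rc.tag is ever written */
    req->rc.tag = req->tc.tag;
    return 0;
}

/* Returns the tag the trace hook would log; the hook runs on failure too. */
static uint16_t rpc_traced_tag(int init_defaults, int fail_early)
{
    leave_stale_data();
    struct req_model *req = tag_alloc(7, init_defaults);
    (void)check_errors(req, fail_early);
    return req->rc.tag;
}

int main(void)
{
    printf("before fix, early failure: 0x%04x\n", rpc_traced_tag(0, 1));
    printf("after fix,  early failure: 0x%04x\n", rpc_traced_tag(1, 1));
    return 0;
}
```

Before the fix the traced tag on the early-failure path is whatever the previous user of the object left there; with defaults assigned at allocation it is a fixed, recognisable value.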

Potential Impact

For European organizations, the impact of CVE-2024-39301 could be significant in sectors heavily dependent on Linux-based virtualization and container technologies, such as cloud service providers, financial institutions, research centers, and government agencies. Exploitation could lead to kernel crashes (denial of service), potentially disrupting critical services and operations. Although direct remote exploitation is unlikely without additional conditions, any instability in kernel operations can affect system availability and reliability. Moreover, uninitialized memory usage may lead to information leakage, which could expose sensitive data processed by affected systems. Organizations using Linux kernels with 9P protocol support in production environments should be vigilant, as this vulnerability could be leveraged in complex attack chains targeting virtualized infrastructure. The lack of known exploits reduces immediate risk, but the vulnerability's presence in widely deployed Linux kernels means that timely patching is essential to prevent future exploitation attempts.

Mitigation Recommendations

1. Apply the official Linux kernel patches that initialize the 'tag' and 'id' fields during tag allocation (the fix for p9_client_rpc()) as soon as they become available from trusted Linux distribution vendors or the mainline kernel.
2. For organizations using custom or long-term support kernels, backport the fix from the mainline kernel to ensure protection.
3. Monitor kernel updates from Linux distributions and prioritize deployment in virtualized and container environments that utilize the 9P protocol.
4. Implement kernel crash monitoring and alerting to detect any abnormal behavior potentially related to this vulnerability.
5. Restrict access to systems running vulnerable kernels, especially limiting untrusted user or network access that could trigger 9P operations.
6. Conduct thorough testing of kernel updates in staging environments to ensure stability before production rollout.
7. Consider disabling or limiting the use of the 9P protocol in environments where it is not essential, reducing the attack surface.
8. Maintain up-to-date incident response plans to quickly address any exploitation attempts or system instability related to kernel vulnerabilities.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-06-24T13:53:25.535Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9829c4522896dcbe2c5e

Added to database: 5/21/2025, 9:08:57 AM

Last enriched: 6/29/2025, 12:26:36 PM

Last updated: 8/15/2025, 10:23:15 PM
