Oracle Linux: (CVE-2024-26901) ELSA-2024-3618: kernel update

Description

In the Linux kernel, the following vulnerability has been resolved:

do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak

syzbot identified a kernel information leak vulnerability in

do_sys_name_to_handle() and issued the following report [1].

[1]

"BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]

BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40

instrument_copy_to_user include/linux/instrumented.h:114 [inline]

_copy_to_user+0xbc/0x100 lib/usercopy.c:40

copy_to_user include/linux/uaccess.h:191 [inline]

do_sys_name_to_handle fs/fhandle.c:73 [inline]

__do_sys_name_to_handle_at fs/fhandle.c:112 [inline]

__se_sys_name_to_handle_at+0x949/0xb10 fs/fhandle.c:94

__x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94

...

Uninit was created at:

slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768

slab_alloc_node mm/slub.c:3478 [inline]

__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517

__do_kmalloc_node mm/slab_common.c:1006 [inline]

__kmalloc+0x121/0x3c0 mm/slab_common.c:1020

kmalloc include/linux/slab.h:604 [inline]

do_sys_name_to_handle fs/fhandle.c:39 [inline]

__do_sys_name_to_handle_at fs/fhandle.c:112 [inline]

__se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94

__x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94

...

Bytes 18-19 of 20 are uninitialized

Memory access of size 20 starts at ffff888128a46380

Data copied to user address 0000000020000240"

Per Chuck Lever's suggestion, use kzalloc() instead of kmalloc() to

solve the problem.