Executive Summary

This vulnerability exists in the Linux kernel's FUSE (Filesystem in Userspace) implementation. Specifically, the issue is with the FUSE_NOTIFY_RETRIEVE operation, which was not properly limited to only 'uptodate' folios (memory pages that contain valid data).

The problem is that FUSE_NOTIFY_RETRIEVE could return data from folios that were not marked as 'uptodate', meaning they could contain uninitialized or stale data. Since FUSE_NOTIFY_RETRIEVE is supposed to only return data already present in the page cache without waiting for the FUSE daemon, treating non-uptodate folios as if they were present could expose uninitialized data.

This vulnerability affects systems that do not enable automatic zero-initialization of all page allocations, which is controlled by kernel configuration options like CONFIG_INIT_ON_ALLOC_DEFAULT_ON or the init_on_alloc=1 parameter.

Useful 0 Not Useful 0

Impact Analysis

The impact of this vulnerability is that uninitialized memory data could be exposed through the FUSE filesystem interface. This means that sensitive or random data from kernel memory might be leaked to userspace processes accessing FUSE filesystems.

However, this security impact only applies to systems that do not have automatic zero-initialization of page allocations enabled. On systems with this protection enabled, the risk is mitigated.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, ensure that your system enables automatic zero-initialization of all page allocations by enabling CONFIG_INIT_ON_ALLOC_DEFAULT_ON in the kernel configuration or by using the kernel boot parameter init_on_alloc=1.

This setting prevents uninitialized data from being exposed via FUSE_NOTIFY_RETRIEVE by zero-initializing page allocations, thereby addressing the security impact of the vulnerability.

Useful 0 Not Useful 0