exploitDog

CVE-2024-36020

Опубликовано: 30 мая 2024

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

i40e: fix vf may be used uninitialized in this function warning

To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the information is the root cause. In this function before the fix bumping v didn't mean bumping vf pointer. But the code used this variables interchangeably, so stale vf could point to different/not intended vf.

Remove redundant "v" variable and iterate via single VF pointer across whole function instead to guarantee VF pointer validity.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.19.264 (включая) до 4.19.312 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.4.223 (включая) до 5.4.274 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.10.153 (включая) до 5.10.215 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.15.77 (включая) до 5.15.154 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.0.7 (включая) до 6.1 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.1.1 (включая) до 6.1.85 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.2 (включая) до 6.6.26 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.7 (включая) до 6.8.5 (исключая)

cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00013

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-908

Связанные уязвимости

CVE-2024-36020

CVSS3: 5.5

ubuntu

почти 2 года назад

In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the information is the root cause. In this function before the fix bumping v didn't mean bumping vf pointer. But the code used this variables interchangeably, so stale vf could point to different/not intended vf. Remove redundant "v" variable and iterate via single VF pointer across whole function instead to guarantee VF pointer validity.

CVE-2024-36020

CVSS3: 5.3

redhat

почти 2 года назад

In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the information is the root cause. In this function before the fix bumping v didn't mean bumping vf pointer. But the code used this variables interchangeably, so stale vf could point to different/not intended vf. Remove redundant "v" variable and iterate via single VF pointer across whole function instead to guarantee VF pointer validity.

CVE-2024-36020

CVSS3: 5.5

debian

почти 2 года назад

In the Linux kernel, the following vulnerability has been resolved: i ...

BDU:2024-10659

CVSS3: 5.5

fstec

почти 2 года назад

Уязвимость компонента i40e ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

ROS-20241127-02

CVSS3: 7.8

redos

больше 1 года назад

Множественные уязвимости kernel-lt

EPSS

Процентиль: 2%

0.00013

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-908