Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-36898

Опубликовано: 30 мая 2024
Источник: redhat
CVSS3: 4.1
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to contain edge events is overlooked. This results in events being written to and read from an uninitialised kfifo. Read events are returned to userspace. Initialise the kfifo in the case where the software debounce is already active.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelFix deferred
Red Hat Enterprise Linux 9kernel-rtFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-457
https://bugzilla.redhat.com/show_bug.cgi?id=2284551kernel: gpiolib: cdev: fix uninitialised kfifo

EPSS

Процентиль: 1%
0.00013
Низкий

4.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-36898

CVSS3: 7.8
ubuntu
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to contain edge events is overlooked. This results in events being written to and read from an uninitialised kfifo. Read events are returned to userspace. Initialise the kfifo in the case where the software debounce is already active.

nvd логотип

CVE-2024-36898

CVSS3: 7.8
nvd
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to contain edge events is overlooked. This results in events being written to and read from an uninitialised kfifo. Read events are returned to userspace. Initialise the kfifo in the case where the software debounce is already active.

msrc логотип

CVE-2024-36898

msrc
около 2 месяцев назад

gpiolib: cdev: fix uninitialised kfifo

debian логотип

CVE-2024-36898

CVSS3: 7.8
debian
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: g ...

fstec логотип

BDU:2025-08074

CVSS3: 6.1
fstec
больше 1 года назад

Уязвимость компонента gpiolib-cdev.c ядра операционной системы Linux, позволяющая нарушителю а также вызвать отказ в обслуживании

EPSS

Процентиль: 1%
0.00013
Низкий

4.1 Medium

CVSS3

Уязвимость CVE-2024-36898