CVE-2024-36020
Vulnerability from cvelistv5
Published
2024-05-30 14:59
Modified
2024-12-19 09:00
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the information is the root cause. In this function before the fix bumping v didn't mean bumping vf pointer. But the code used this variables interchangeably, so stale vf could point to different/not intended vf. Remove redundant "v" variable and iterate via single VF pointer across whole function instead to guarantee VF pointer validity.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Impacted products
Vendor Product Version
Linux Linux Version: 6.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36020",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-03T16:54:29.774868Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:10.052Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.504Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d",
              "status": "affected",
              "version": "76ed715836c6994bac29d9638e9314e6e3b08651",
              "versionType": "git"
            },
            {
              "lessThan": "9dcf0fcb80f6aeb01469e3c957f8d4c97365450a",
              "status": "affected",
              "version": "e88c2a1e28c5475065563d66c07ca879a9afbd07",
              "versionType": "git"
            },
            {
              "lessThan": "b8e82128b44fa40bf99a50b919488ef361e1683c",
              "status": "affected",
              "version": "9abae363af5ced6adbf04c14366289540281fb26",
              "versionType": "git"
            },
            {
              "lessThan": "951d2748a2a8242853abc3d0c153ce4bf8faad31",
              "status": "affected",
              "version": "c39de3ae5075ea5f78e097cb5720d4e52d5caed9",
              "versionType": "git"
            },
            {
              "lessThan": "3e89846283f3cf7c7a8e28b342576fd7c561d2ba",
              "status": "affected",
              "version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
              "versionType": "git"
            },
            {
              "lessThan": "0dcf573f997732702917af1563aa2493dc772fc0",
              "status": "affected",
              "version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
              "versionType": "git"
            },
            {
              "lessThan": "06df7618f591b2dc43c59967e294d7b9fc8675b6",
              "status": "affected",
              "version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
              "versionType": "git"
            },
            {
              "lessThan": "f37c4eac99c258111d414d31b740437e1925b8e8",
              "status": "affected",
              "version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix vf may be used uninitialized in this function warning\n\nTo fix the regression introduced by commit 52424f974bc5, which causes\nservers hang in very hard to reproduce conditions with resets races.\nUsing two sources for the information is the root cause.\nIn this function before the fix bumping v didn\u0027t mean bumping vf\npointer. But the code used this variables interchangeably, so stale vf\ncould point to different/not intended vf.\n\nRemove redundant \"v\" variable and iterate via single VF pointer across\nwhole function instead to guarantee VF pointer validity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:00:39.716Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"
        },
        {
          "url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"
        },
        {
          "url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"
        },
        {
          "url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"
        },
        {
          "url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"
        }
      ],
      "title": "i40e: fix vf may be used uninitialized in this function warning",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36020",
    "datePublished": "2024-05-30T14:59:44.447Z",
    "dateReserved": "2024-05-17T13:50:33.157Z",
    "dateUpdated": "2024-12-19T09:00:39.716Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36020\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-30T15:15:49.107\",\"lastModified\":\"2024-11-21T09:21:27.090\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ni40e: fix vf may be used uninitialized in this function warning\\n\\nTo fix the regression introduced by commit 52424f974bc5, which causes\\nservers hang in very hard to reproduce conditions with resets races.\\nUsing two sources for the information is the root cause.\\nIn this function before the fix bumping v didn\u0027t mean bumping vf\\npointer. But the code used this variables interchangeably, so stale vf\\ncould point to different/not intended vf.\\n\\nRemove redundant \\\"v\\\" variable and iterate via single VF pointer across\\nwhole function instead to guarantee VF pointer validity.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i40e: se puede usar vf sin inicializar en esta funci\u00f3n advertencia Para corregir la regresi\u00f3n introducida por el commit 52424f974bc5, que hace que los servidores se cuelguen con mucha dificultad para reproducir condiciones con restablecimientos de ejecuci\u00f3n. El uso de dos fuentes para la informaci\u00f3n es la causa fundamental. En esta funci\u00f3n, antes de la correcci\u00f3n, tocar v no significaba tocar el puntero vf. Pero el c\u00f3digo usaba estas variables indistintamente, por lo que un vf obsoleto podr\u00eda apuntar a un vf diferente o no intencionado. Elimine la variable \\\"v\\\" redundante e itere mediante un \u00fanico puntero VF en toda la funci\u00f3n para garantizar la validez del puntero VF.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.