// For flags

CVE-2024-36020

i40e: fix vf may be used uninitialized in this function warning

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

i40e: fix vf may be used uninitialized in this function warning

To fix the regression introduced by commit 52424f974bc5, which causes
servers hang in very hard to reproduce conditions with resets races.
Using two sources for the information is the root cause.
In this function before the fix bumping v didn't mean bumping vf
pointer. But the code used this variables interchangeably, so stale vf
could point to different/not intended vf.

Remove redundant "v" variable and iterate via single VF pointer across
whole function instead to guarantee VF pointer validity.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i40e: se puede usar vf sin inicializar en esta función advertencia Para corregir la regresión introducida por el commit 52424f974bc5, que hace que los servidores se cuelguen con mucha dificultad para reproducir condiciones con restablecimientos de ejecución. El uso de dos fuentes para la información es la causa fundamental. En esta función, antes de la corrección, tocar v no significaba tocar el puntero vf. Pero el código usaba estas variables indistintamente, por lo que un vf obsoleto podría apuntar a un vf diferente o no intencionado. Elimine la variable "v" redundante e itere mediante un único puntero VF en toda la función para garantizar la validez del puntero VF.

A flaw was found in the Linux kernel’s Ethernet Controller XL710 family driver. This flaw allows a local user to crash the system.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-17 CVE Reserved
  • 2024-05-30 CVE Published
  • 2024-05-31 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (18)
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.19.264 < 4.19.312
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.264 < 4.19.312"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.4.223 < 5.4.274
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.223 < 5.4.274"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.10.153 < 5.10.215
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.153 < 5.10.215"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.15.77 < 5.15.154
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.77 < 5.15.154"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.1 < 6.1.85
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.1.85"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.1 < 6.6.26
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.6.26"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.1 < 6.8.5
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.8.5"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.1 < 6.9
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.9"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
6.0.7
Search vendor "Linux" for product "Linux Kernel" and version "6.0.7"
en
Affected