// For flags

CVE-2024-36975

KEYS: trusted: Do not use WARN when encode fails

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

KEYS: trusted: Do not use WARN when encode fails

When asn1_encode_sequence() fails, WARN is not the correct solution.

1. asn1_encode_sequence() is not an internal function (located
in lib/asn1_encode.c).
2. Location is known, which makes the stack trace useless.
3. Results a crash if panic_on_warn is set.

It is also noteworthy that the use of WARN is undocumented, and it
should be avoided unless there is a carefully considered rationale to
use it.

Replace WARN with pr_err, and print the return value instead, which is
only useful piece of information.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: LLAVES: confiable: no usar WARN cuando falla la codificación Cuando falla asn1_encode_sequence(), WARN no es la solución correcta. 1. asn1_encode_sequence() no es una función interna (ubicada en lib/asn1_encode.c). 2. Se conoce la ubicación, lo que hace que el seguimiento de la pila sea inútil. 3. Se produce un bloqueo si se configura pánico_on_warn. También es digno de mención que el uso de WARN no está documentado y debe evitarse a menos que exista una justificación cuidadosamente considerada para su uso. Reemplace WARN con pr_err e imprima el valor de retorno, que es solo información útil.

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-30 CVE Reserved
  • 2024-06-18 CVE Published
  • 2024-06-19 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.13 < 5.15.160
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.15.160"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.13 < 6.1.92
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.1.92"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.13 < 6.6.32
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.6.32"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.13 < 6.8.11
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.8.11"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.13 < 6.9.2
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.9.2"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.13 < 6.10
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.10"
en
Affected