CVE-2024-43875

PCI: endpoint: Clean up error handling in vpci_scan_bus()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Clean up error handling in vpci_scan_bus()

Smatch complains about inconsistent NULL checking in vpci_scan_bus():

drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)

Instead of printing an error message and then crashing we should return
an error code and clean up.

Also the NULL check is reversed so it prints an error for success
instead of failure.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-17 CVE Reserved
2024-08-21 CVE Published
2024-08-21 EPSS Updated
2024-09-15 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/e2b6ef72b7aea9d7d480d2df499bcd1c93247abb	Vuln. Introduced
https://git.kernel.org/stable/c/e35f56bb03304abc92c928b641af41ca372966bb	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/24414c842a24d0fd498f9db6d2a762a8dddf1832	2024-08-19
https://git.kernel.org/stable/c/7d368de78b60088ec9031c60c88976c0063ea4c0	2024-08-03
https://git.kernel.org/stable/c/0e27e2e8697b8ce96cdef43f135426525d9d1f8f	2024-08-03
https://git.kernel.org/stable/c/b9e8695246bcfc028341470cbf92630cdc1ba36b	2024-08-03
https://git.kernel.org/stable/c/8e0f5a96c534f781e8c57ca30459448b3bfe5429	2024-07-04

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.153 < 5.15.165 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.153 < 5.15.165"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.1.103 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.1.103"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.6.44 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.6.44"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.10.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.10.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.11"		en		Affected