CVE-2024-36020

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-36020
In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the information is the root cause. In this function before the fix bumping v didn't mean bumping vf pointer. But the code used this variables interchangeably, so stale vf could point to different/not intended vf. Remove redundant "v" variable and iterate via single VF pointer across whole function instead to guarantee VF pointer validity.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6 Patch
https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0 Patch
https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba Patch
https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31 Patch
https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a Patch
https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c Patch
https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d Patch
https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8 Patch
https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6 Patch
https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0 Patch
https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba Patch
https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31 Patch
https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a Patch
https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c Patch
https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d Patch
https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8 Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-05-30 15:15

Updated : 2025-12-23 19:16

NVD link : CVE-2024-36020

Mitre link : CVE-2024-36020

CVE.ORG link : CVE-2024-36020

JSON object : View

Products Affected

debian

  • debian_linux

linux

  • linux_kernel
CWE
CWE-908

Use of Uninitialized Resource