{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-36020", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.157Z", "datePublished": "2024-05-30T14:59:44.447Z", "dateUpdated": "2024-08-02T03:30:12.504Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-30T14:59:44.447Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix vf may be used uninitialized in this function warning\n\nTo fix the regression introduced by commit 52424f974bc5, which causes\nservers hang in very hard to reproduce conditions with resets races.\nUsing two sources for the information is the root cause.\nIn this function before the fix bumping v didn't mean bumping vf\npointer. But the code used this variables interchangeably, so stale vf\ncould point to different/not intended vf.\n\nRemove redundant \"v\" variable and iterate via single VF pointer across\nwhole function instead to guarantee VF pointer validity."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"], "versions": [{"version": "76ed715836c6", "lessThan": "cc9cd02dd9e8", "status": "affected", "versionType": "git"}, {"version": "e88c2a1e28c5", "lessThan": "9dcf0fcb80f6", "status": "affected", "versionType": "git"}, {"version": "9abae363af5c", "lessThan": "b8e82128b44f", "status": "affected", "versionType": "git"}, {"version": "c39de3ae5075", "lessThan": "951d2748a2a8", "status": "affected", "versionType": "git"}, {"version": "52424f974bc5", "lessThan": "3e89846283f3", "status": "affected", "versionType": "git"}, {"version": "52424f974bc5", "lessThan": "0dcf573f9977", "status": "affected", "versionType": "git"}, {"version": "52424f974bc5", "lessThan": "06df7618f591", "status": "affected", "versionType": "git"}, {"version": "52424f974bc5", "lessThan": "f37c4eac99c2", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"], "versions": [{"version": "6.1", "status": "affected"}, {"version": "0", "lessThan": "6.1", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.312", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.274", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.215", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.85", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.26", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.5", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"}, {"url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"}, {"url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"}, {"url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"}, {"url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"}, {"url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"}, {"url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"}, {"url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "title": "i40e: fix vf may be used uninitialized in this function warning", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36020", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-03T16:54:29.774868Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:48:10.052Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.504Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.504Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36020", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-03T16:54:29.774868Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-03T17:16:38.155Z"}}], "cna": {"title": "i40e: fix vf may be used uninitialized in this function warning", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "76ed715836c6", "lessThan": "cc9cd02dd9e8", "versionType": "git"}, {"status": "affected", "version": "e88c2a1e28c5", "lessThan": "9dcf0fcb80f6", "versionType": "git"}, {"status": "affected", "version": "9abae363af5c", "lessThan": "b8e82128b44f", "versionType": "git"}, {"status": "affected", "version": "c39de3ae5075", "lessThan": "951d2748a2a8", "versionType": "git"}, {"status": "affected", "version": "52424f974bc5", "lessThan": "3e89846283f3", "versionType": "git"}, {"status": "affected", "version": "52424f974bc5", "lessThan": "0dcf573f9977", "versionType": "git"}, {"status": "affected", "version": "52424f974bc5", "lessThan": "06df7618f591", "versionType": "git"}, {"status": "affected", "version": "52424f974bc5", "lessThan": "f37c4eac99c2", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.1"}, {"status": "unaffected", "version": "0", "lessThan": "6.1", "versionType": "custom"}, {"status": "unaffected", "version": "4.19.312", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.274", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.215", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.154", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.85", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.26", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.5", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"}, {"url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"}, {"url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"}, {"url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"}, {"url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"}, {"url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"}, {"url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"}, {"url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix vf may be used uninitialized in this function warning\n\nTo fix the regression introduced by commit 52424f974bc5, which causes\nservers hang in very hard to reproduce conditions with resets races.\nUsing two sources for the information is the root cause.\nIn this function before the fix bumping v didn't mean bumping vf\npointer. But the code used this variables interchangeably, so stale vf\ncould point to different/not intended vf.\n\nRemove redundant \"v\" variable and iterate via single VF pointer across\nwhole function instead to guarantee VF pointer validity."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-30T14:59:44.447Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36020", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:30:12.504Z", "dateReserved": "2024-05-17T13:50:33.157Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-30T14:59:44.447Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix vf may be used uninitialized in this function warning\n\nTo fix the regression introduced by commit 52424f974bc5, which causes\nservers hang in very hard to reproduce conditions with resets races.\nUsing two sources for the information is the root cause.\nIn this function before the fix bumping v didn't mean bumping vf\npointer. But the code used this variables interchangeably, so stale vf\ncould point to different/not intended vf.\n\nRemove redundant \"v\" variable and iterate via single VF pointer across\nwhole function instead to guarantee VF pointer validity."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i40e: se puede usar vf sin inicializar en esta funci\u00f3n advertencia Para corregir la regresi\u00f3n introducida por el commit 52424f974bc5, que hace que los servidores se cuelguen con mucha dificultad para reproducir condiciones con restablecimientos de ejecuci\u00f3n. El uso de dos fuentes para la informaci\u00f3n es la causa fundamental. En esta funci\u00f3n, antes de la correcci\u00f3n, tocar v no significaba tocar el puntero vf. Pero el c\u00f3digo usaba estas variables indistintamente, por lo que un vf obsoleto podr\u00eda apuntar a un vf diferente o no intencionado. Elimine la variable \"v\" redundante e itere mediante un \u00fanico puntero VF en toda la funci\u00f3n para garantizar la validez del puntero VF."}], "id": "CVE-2024-36020", "lastModified": "2024-06-27T12:15:27.717", "metrics": {}, "published": "2024-05-30T15:15:49.107", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:4902", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.113.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-07-29T00:00:00Z"}, {"advisory": "RHSA-2024:4902", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.113.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-07-29T00:00:00Z"}, {"advisory": "RHSA-2024:4902", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.113.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-07-29T00:00:00Z"}, {"advisory": "RHSA-2024:5255", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.67.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5363", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.31.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5363", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.31.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5066", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.77.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5067", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.77.1.rt14.362.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-07T00:00:00Z"}], "bugzilla": {"description": "kernel: i40e: fix vf may be used uninitialized in this function warning", "id": "2284400", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284400"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ni40e: fix vf may be used uninitialized in this function warning\nTo fix the regression introduced by commit 52424f974bc5, which causes\nservers hang in very hard to reproduce conditions with resets races.\nUsing two sources for the information is the root cause.\nIn this function before the fix bumping v didn't mean bumping vf\npointer. But the code used this variables interchangeably, so stale vf\ncould point to different/not intended vf.\nRemove redundant \"v\" variable and iterate via single VF pointer across\nwhole function instead to guarantee VF pointer validity.", "A flaw was found in the Linux kernel\u2019s Ethernet Controller XL710 family driver. This flaw allows a local user to crash the system."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent the i40e module from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to prevent it from loading automatically."}, "name": "CVE-2024-36020", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-36020\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36020"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.312, kernel 5.4.274, kernel 5.10.215, kernel 5.15.154, kernel 6.1.85, kernel 6.6.26, kernel 6.8.5, kernel 6.9"}