CVE-2024-42113 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts When using MSI/INTx interrupts, wx->num_q_vectors is uninitialized. Thus there will be kernel panic in wx_alloc_q_vectors() to allocate queue vectors.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/7c36711a2cd8059c2d24f5e5c1d76e8ea2d5613c
https://git.kernel.org/stable/c/9edc7a83cd40ac96ff14fe3a17a38f7ace6611df
https://git.kernel.org/stable/c/c98969226d1fe0c1dd779db8b1c444bc5294fc83
https://lore.kernel.org/linux-cve-announce/2024073022-CVE-2024-42113-be53@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-42113
https://www.cve.org/CVERecord?id=CVE-2024-42113

History

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 30 Aug 2024 02:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-824

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-30T07:46:06.942Z

Updated: 2024-11-05T09:37:39.879Z

Reserved: 2024-07-29T15:50:41.177Z

Link: CVE-2024-42113

Vulnrichment

Updated: 2024-08-02T04:54:32.254Z

NVD

Status : Awaiting Analysis

Published: 2024-07-30T08:15:03.713

Modified: 2024-07-30T13:32:45.943

Link: CVE-2024-42113

Redhat

Severity : Moderate

Publid Date: 2024-07-30T00:00:00Z

Links: CVE-2024-42113 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42113", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.177Z", "datePublished": "2024-07-30T07:46:06.942Z", "dateUpdated": "2024-11-05T09:37:39.879Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:39.879Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: txgbe: initialize num_q_vectors for MSI/INTx interrupts\n\nWhen using MSI/INTx interrupts, wx->num_q_vectors is uninitialized.\nThus there will be kernel panic in wx_alloc_q_vectors() to allocate\nqueue vectors."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/wangxun/libwx/wx_lib.c"], "versions": [{"version": "3f703186113f", "lessThan": "9edc7a83cd40", "status": "affected", "versionType": "git"}, {"version": "3f703186113f", "lessThan": "c98969226d1f", "status": "affected", "versionType": "git"}, {"version": "3f703186113f", "lessThan": "7c36711a2cd8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/wangxun/libwx/wx_lib.c"], "versions": [{"version": "6.3", "status": "affected"}, {"version": "0", "lessThan": "6.3", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.39", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/9edc7a83cd40ac96ff14fe3a17a38f7ace6611df"}, {"url": "https://git.kernel.org/stable/c/c98969226d1fe0c1dd779db8b1c444bc5294fc83"}, {"url": "https://git.kernel.org/stable/c/7c36711a2cd8059c2d24f5e5c1d76e8ea2d5613c"}], "title": "net: txgbe: initialize num_q_vectors for MSI/INTx interrupts", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.254Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9edc7a83cd40ac96ff14fe3a17a38f7ace6611df", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c98969226d1fe0c1dd779db8b1c444bc5294fc83", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7c36711a2cd8059c2d24f5e5c1d76e8ea2d5613c", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42113", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:17:23.403447Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:06.288Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9edc7a83cd40ac96ff14fe3a17a38f7ace6611df", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c98969226d1fe0c1dd779db8b1c444bc5294fc83", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7c36711a2cd8059c2d24f5e5c1d76e8ea2d5613c", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.254Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42113", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:17:23.403447Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:14.548Z"}}], "cna": {"title": "net: txgbe: initialize num_q_vectors for MSI/INTx interrupts", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3f703186113f", "lessThan": "9edc7a83cd40", "versionType": "git"}, {"status": "affected", "version": "3f703186113f", "lessThan": "c98969226d1f", "versionType": "git"}, {"status": "affected", "version": "3f703186113f", "lessThan": "7c36711a2cd8", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/wangxun/libwx/wx_lib.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.3"}, {"status": "unaffected", "version": "0", "lessThan": "6.3", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.39", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.9", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/wangxun/libwx/wx_lib.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/9edc7a83cd40ac96ff14fe3a17a38f7ace6611df"}, {"url": "https://git.kernel.org/stable/c/c98969226d1fe0c1dd779db8b1c444bc5294fc83"}, {"url": "https://git.kernel.org/stable/c/7c36711a2cd8059c2d24f5e5c1d76e8ea2d5613c"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: txgbe: initialize num_q_vectors for MSI/INTx interrupts\n\nWhen using MSI/INTx interrupts, wx->num_q_vectors is uninitialized.\nThus there will be kernel panic in wx_alloc_q_vectors() to allocate\nqueue vectors."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:39.879Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42113", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:37:39.879Z", "dateReserved": "2024-07-29T15:50:41.177Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-30T07:46:06.942Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts", "id": "2301476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301476"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-824", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: txgbe: initialize num_q_vectors for MSI/INTx interrupts\nWhen using MSI/INTx interrupts, wx->num_q_vectors is uninitialized.\nThus there will be kernel panic in wx_alloc_q_vectors() to allocate\nqueue vectors.", "A vulnerability was found in the Linux kernel's `txgbe` driver involving uninitialized `num_q_vectors` when using MSI/INTx interrupts. This can lead to kernel panics during the allocation of queue vectors due to the use of undefined values. This issue was resolved by ensuring `num_q_vectors` is properly initialized, thereby preventing system crashes and enhancing overall stability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42113", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42113\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42113\nhttps://lore.kernel.org/linux-cve-announce/2024073022-CVE-2024-42113-be53@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.6.39, kernel 6.9.9, kernel 6.10"}