CVE-2024-36020 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the information is the root cause. In this function before the fix bumping v didn't mean bumping vf pointer. But the code used this variables interchangeably, so stale vf could point to different/not intended vf. Remove redundant "v" variable and iterate via single VF pointer across whole function instead to guarantee VF pointer validity.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:5102	2024-08-08T00:00:00Z
kernel-0:4.18.0-553.16.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:5101	2024-08-08T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
kernel-0:4.18.0-372.113.1.el8_6	cpe:/o:redhat:rhel_aus:8.6	RHSA-2024:4902	2024-07-29T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
kernel-0:4.18.0-372.113.1.el8_6	cpe:/o:redhat:rhel_tus:8.6	RHSA-2024:4902	2024-07-29T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
kernel-0:4.18.0-372.113.1.el8_6	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2024:4902	2024-07-29T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.67.1.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:5255	2024-08-13T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.31.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:5363	2024-08-15T00:00:00Z
kernel-0:5.14.0-427.31.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:5363	2024-08-15T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.77.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:5066	2024-08-07T00:00:00Z
kernel-rt-0:5.14.0-284.77.1.rt14.362.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:5067	2024-08-07T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6
https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0
https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba
https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31
https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a
https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c
https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d
https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://nvd.nist.gov/vuln/detail/CVE-2024-36020
https://www.cve.org/CVERecord?id=CVE-2024-36020

History

Sun, 04 May 2025 10:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 16 Aug 2024 18:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9

Tue, 13 Aug 2024 22:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_eus:8.8

Thu, 08 Aug 2024 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv cpe:/o:redhat:enterprise_linux:8
Vendors & Products		Redhat enterprise Linux

Wed, 07 Aug 2024 22:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.2

Wed, 07 Aug 2024 10:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.2::nfv
Vendors & Products		Redhat rhel Eus

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-30T14:59:44.447Z

Updated: 2025-05-04T12:56:17.412Z

Reserved: 2024-05-17T13:50:33.157Z

Link: CVE-2024-36020

Vulnrichment

Updated: 2024-08-02T03:30:12.504Z

NVD

Status : Awaiting Analysis

Published: 2024-05-30T15:15:49.107

Modified: 2024-11-21T09:21:27.090

Link: CVE-2024-36020

Redhat

Severity : Moderate

Publid Date: 2024-05-30T00:00:00Z

Links: CVE-2024-36020 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-36020", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.157Z", "datePublished": "2024-05-30T14:59:44.447Z", "dateUpdated": "2025-05-04T12:56:17.412Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:56:17.412Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix vf may be used uninitialized in this function warning\n\nTo fix the regression introduced by commit 52424f974bc5, which causes\nservers hang in very hard to reproduce conditions with resets races.\nUsing two sources for the information is the root cause.\nIn this function before the fix bumping v didn't mean bumping vf\npointer. But the code used this variables interchangeably, so stale vf\ncould point to different/not intended vf.\n\nRemove redundant \"v\" variable and iterate via single VF pointer across\nwhole function instead to guarantee VF pointer validity."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"], "versions": [{"version": "76ed715836c6994bac29d9638e9314e6e3b08651", "lessThan": "cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d", "status": "affected", "versionType": "git"}, {"version": "e88c2a1e28c5475065563d66c07ca879a9afbd07", "lessThan": "9dcf0fcb80f6aeb01469e3c957f8d4c97365450a", "status": "affected", "versionType": "git"}, {"version": "9abae363af5ced6adbf04c14366289540281fb26", "lessThan": "b8e82128b44fa40bf99a50b919488ef361e1683c", "status": "affected", "versionType": "git"}, {"version": "c39de3ae5075ea5f78e097cb5720d4e52d5caed9", "lessThan": "951d2748a2a8242853abc3d0c153ce4bf8faad31", "status": "affected", "versionType": "git"}, {"version": "52424f974bc53c26ba3f00300a00e9de9afcd972", "lessThan": "3e89846283f3cf7c7a8e28b342576fd7c561d2ba", "status": "affected", "versionType": "git"}, {"version": "52424f974bc53c26ba3f00300a00e9de9afcd972", "lessThan": "0dcf573f997732702917af1563aa2493dc772fc0", "status": "affected", "versionType": "git"}, {"version": "52424f974bc53c26ba3f00300a00e9de9afcd972", "lessThan": "06df7618f591b2dc43c59967e294d7b9fc8675b6", "status": "affected", "versionType": "git"}, {"version": "52424f974bc53c26ba3f00300a00e9de9afcd972", "lessThan": "f37c4eac99c258111d414d31b740437e1925b8e8", "status": "affected", "versionType": "git"}, {"version": "02f949747e6fb767b29f7931d4bbf40911684e7a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"], "versions": [{"version": "6.1", "status": "affected"}, {"version": "0", "lessThan": "6.1", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.312", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.274", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.215", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.85", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.26", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.5", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.264", "versionEndExcluding": "4.19.312"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.223", "versionEndExcluding": "5.4.274"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.153", "versionEndExcluding": "5.10.215"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.77", "versionEndExcluding": "5.15.154"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.1.85"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.6.26"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.8.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0.7"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"}, {"url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"}, {"url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"}, {"url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"}, {"url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"}, {"url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"}, {"url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"}, {"url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"}], "title": "i40e: fix vf may be used uninitialized in this function warning", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36020", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-03T16:54:29.774868Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:48:10.052Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.504Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.504Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36020", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-03T16:54:29.774868Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-03T17:16:38.155Z"}}], "cna": {"title": "i40e: fix vf may be used uninitialized in this function warning", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "76ed715836c6994bac29d9638e9314e6e3b08651", "lessThan": "cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d", "versionType": "git"}, {"status": "affected", "version": "e88c2a1e28c5475065563d66c07ca879a9afbd07", "lessThan": "9dcf0fcb80f6aeb01469e3c957f8d4c97365450a", "versionType": "git"}, {"status": "affected", "version": "9abae363af5ced6adbf04c14366289540281fb26", "lessThan": "b8e82128b44fa40bf99a50b919488ef361e1683c", "versionType": "git"}, {"status": "affected", "version": "c39de3ae5075ea5f78e097cb5720d4e52d5caed9", "lessThan": "951d2748a2a8242853abc3d0c153ce4bf8faad31", "versionType": "git"}, {"status": "affected", "version": "52424f974bc53c26ba3f00300a00e9de9afcd972", "lessThan": "3e89846283f3cf7c7a8e28b342576fd7c561d2ba", "versionType": "git"}, {"status": "affected", "version": "52424f974bc53c26ba3f00300a00e9de9afcd972", "lessThan": "0dcf573f997732702917af1563aa2493dc772fc0", "versionType": "git"}, {"status": "affected", "version": "52424f974bc53c26ba3f00300a00e9de9afcd972", "lessThan": "06df7618f591b2dc43c59967e294d7b9fc8675b6", "versionType": "git"}, {"status": "affected", "version": "52424f974bc53c26ba3f00300a00e9de9afcd972", "lessThan": "f37c4eac99c258111d414d31b740437e1925b8e8", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.1"}, {"status": "unaffected", "version": "0", "lessThan": "6.1", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.312", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.274", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.215", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.154", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.85", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.26", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.5", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"}, {"url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"}, {"url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"}, {"url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"}, {"url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"}, {"url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"}, {"url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"}, {"url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix vf may be used uninitialized in this function warning\n\nTo fix the regression introduced by commit 52424f974bc5, which causes\nservers hang in very hard to reproduce conditions with resets races.\nUsing two sources for the information is the root cause.\nIn this function before the fix bumping v didn't mean bumping vf\npointer. But the code used this variables interchangeably, so stale vf\ncould point to different/not intended vf.\n\nRemove redundant \"v\" variable and iterate via single VF pointer across\nwhole function instead to guarantee VF pointer validity."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.312", "versionStartIncluding": "4.19.264"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.274", "versionStartIncluding": "5.4.223"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.215", "versionStartIncluding": "5.10.153"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.154", "versionStartIncluding": "5.15.77"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.85", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.26", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8.5", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "6.0.7"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:10:43.392Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36020", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:10:43.392Z", "dateReserved": "2024-05-17T13:50:33.157Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-30T14:59:44.447Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix vf may be used uninitialized in this function warning\n\nTo fix the regression introduced by commit 52424f974bc5, which causes\nservers hang in very hard to reproduce conditions with resets races.\nUsing two sources for the information is the root cause.\nIn this function before the fix bumping v didn't mean bumping vf\npointer. But the code used this variables interchangeably, so stale vf\ncould point to different/not intended vf.\n\nRemove redundant \"v\" variable and iterate via single VF pointer across\nwhole function instead to guarantee VF pointer validity."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i40e: se puede usar vf sin inicializar en esta funci\u00f3n advertencia Para corregir la regresi\u00f3n introducida por el commit 52424f974bc5, que hace que los servidores se cuelguen con mucha dificultad para reproducir condiciones con restablecimientos de ejecuci\u00f3n. El uso de dos fuentes para la informaci\u00f3n es la causa fundamental. En esta funci\u00f3n, antes de la correcci\u00f3n, tocar v no significaba tocar el puntero vf. Pero el c\u00f3digo usaba estas variables indistintamente, por lo que un vf obsoleto podr\u00eda apuntar a un vf diferente o no intencionado. Elimine la variable \"v\" redundante e itere mediante un \u00fanico puntero VF en toda la funci\u00f3n para garantizar la validez del puntero VF."}], "id": "CVE-2024-36020", "lastModified": "2024-11-21T09:21:27.090", "metrics": {}, "published": "2024-05-30T15:15:49.107", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:4902", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.113.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-07-29T00:00:00Z"}, {"advisory": "RHSA-2024:4902", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.113.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-07-29T00:00:00Z"}, {"advisory": "RHSA-2024:4902", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.113.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-07-29T00:00:00Z"}, {"advisory": "RHSA-2024:5255", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.67.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5363", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.31.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5363", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.31.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5066", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.77.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5067", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.77.1.rt14.362.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-07T00:00:00Z"}], "bugzilla": {"description": "kernel: i40e: fix vf may be used uninitialized in this function warning", "id": "2284400", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284400"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ni40e: fix vf may be used uninitialized in this function warning\nTo fix the regression introduced by commit 52424f974bc5, which causes\nservers hang in very hard to reproduce conditions with resets races.\nUsing two sources for the information is the root cause.\nIn this function before the fix bumping v didn't mean bumping vf\npointer. But the code used this variables interchangeably, so stale vf\ncould point to different/not intended vf.\nRemove redundant \"v\" variable and iterate via single VF pointer across\nwhole function instead to guarantee VF pointer validity.", "A flaw was found in the Linux kernel\u2019s Ethernet Controller XL710 family driver. This flaw allows a local user to crash the system."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent the i40e module from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to prevent it from loading automatically."}, "name": "CVE-2024-36020", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-36020\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36020"], "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object