CVE-2024-36020

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-36020

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the information is the root cause. In this function before the fix bumping v didn't mean bumping vf pointer. But the code used this variables interchangeably, so stale vf could point to different/not intended vf. Remove redundant "v" variable and iterate via single VF pointer across whole function instead to guarantee VF pointer validity.

References
Link Resource
https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6 Patch
https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0 Patch
https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba Patch
https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31 Patch
https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a Patch
https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c Patch
https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d Patch
https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8 Patch
https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6 Patch
https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0 Patch
https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba Patch
https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31 Patch
https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a Patch
https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c Patch
https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d Patch
https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8 Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
History

23 Dec 2025, 19:16

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*
CWE CWE-908
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
References () https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6 - () https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6 - Patch
References () https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0 - () https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0 - Patch
References () https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba - () https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba - Patch
References () https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31 - () https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31 - Patch
References () https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a - () https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a - Patch
References () https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c - () https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c - Patch
References () https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d - () https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d - Patch
References () https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8 - () https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8 - Patch
References () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html - Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html - Third Party Advisory
First Time Linux
Debian debian Linux
Linux linux Kernel
Debian

21 Nov 2024, 09:21

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -
References () https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6 - () https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6 -
References () https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0 - () https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0 -
References () https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba - () https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba -
References () https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31 - () https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31 -
References () https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a - () https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a -
References () https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c - () https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c -
References () https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d - () https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d -
References () https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8 - () https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8 -

05 Nov 2024, 10:17

Type Values Removed Values Added
References
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}

27 Jun 2024, 12:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -

25 Jun 2024, 23:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i40e: se puede usar vf sin inicializar en esta función advertencia Para corregir la regresión introducida por el commit 52424f974bc5, que hace que los servidores se cuelguen con mucha dificultad para reproducir condiciones con restablecimientos de ejecución. El uso de dos fuentes para la información es la causa fundamental. En esta función, antes de la corrección, tocar v no significaba tocar el puntero vf. Pero el código usaba estas variables indistintamente, por lo que un vf obsoleto podría apuntar a un vf diferente o no intencionado. Elimine la variable "v" redundante e itere mediante un único puntero VF en toda la función para garantizar la validez del puntero VF.

30 May 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-30 15:15

Updated : 2025-12-23 19:16

NVD link : CVE-2024-36020

Mitre link : CVE-2024-36020

CVE.ORG link : CVE-2024-36020

JSON object : View

Products Affected

linux

debian

CWE
CWE-908

Use of Uninitialized Resource