Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the information is the root cause. In this function before the fix bumping v didn't mean bumping vf pointer. But the code used this variables interchangeably, so stale vf could point to different/not intended vf. Remove redundant "v" variable and iterate via single VF pointer across whole function instead to guarantee VF pointer validity.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.19.264, < 4.19.312 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6Patch
- https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0Patch
- https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2baPatch
- https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31Patch
- https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450aPatch
- https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683cPatch
- https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23dPatch
- https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8Patch
- https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6Patch
- https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0Patch
- https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2baPatch
- https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31Patch
- https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450aPatch
- https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683cPatch
- https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23dPatch
FAQ
What is CVE-2024-36020?
CVE-2024-36020 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which cau...
How severe is CVE-2024-36020?
CVE-2024-36020 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-36020?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.