Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveLinuxCVE-2024-36923
HistoryMay 30, 2024 - 4:15 p.m.

CVE-2024-36923

2024-05-3016:15:15
Linux
web.nvd.nist.gov
37
linux kernel
vulnerability
fs/9p
uninitialized values
inode evict
nvd

AI Score

6.7

Confidence

Low

EPSS

0

Percentile

9.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

fs/9p: fix uninitialized values during inode evict

If an iget fails due to not being able to retrieve information
from the server then the inode structure is only partially
initialized. When the inode gets evicted, references to
uninitialized structures (like fscache cookies) were being
made.

This patch checks for a bad_inode before doing anything other
than clearing the inode from the cache. Since the inode is
bad, it shouldn’t have any state associated with it that needs
to be written back (and there really isn’t a way to complete
those anyways).

Affected configurations

Vulners
Node
linuxlinux_kernelRange6.8.06.8.10
OR
linuxlinux_kernelRange6.9.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/9p/vfs_inode.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "1b4cb6e91f19",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "6630036b7c22",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/9p/vfs_inode.c"
    ],
    "versions": [
      {
        "version": "6.8.10",
        "lessThanOrEqual": "6.8.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

debiancve 1
osv 15
vulnrichment 1
cvelist 1
ubuntucve 1
redhatcve 1
nvd 1
nessus 14
openvas 7
ubuntu 4
debiancve
debiancve
CVE-2024-36923
2024-05-30 16:15:15
osv
osv
CVE-2024-36923
2024-05-30 16:15:00
Security update for the Linux Kernel
2024-07-09 14:01:02
Security update for the Linux Kernel
2024-07-10 06:10:16
vulnrichment
vulnrichment
CVE-2024-36923 fs/9p: fix uninitialized values during inode evict
2024-05-30 15:29:17
cvelist
cvelist
CVE-2024-36923 fs/9p: fix uninitialized values during inode evict
2024-05-30 15:29:17
ubuntucve
ubuntucve
CVE-2024-36923
2024-05-30 00:00:00
redhatcve
redhatcve
CVE-2024-36923
2024-06-03 13:13:18
nvd
nvd
CVE-2024-36923
2024-05-30 16:15:15
nessus
nessus
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:2381-1)
2024-07-11 00:00:00
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:2360-1)
2024-07-10 00:00:00
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:2561-1)
2024-07-22 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:2360-1)
2024-07-10 00:00:00
Ubuntu: Security Advisory (USN-6949-1)
2024-08-09 00:00:00
Ubuntu: Security Advisory (USN-6952-1)
2024-08-09 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-08-09 00:00:00
Linux kernel (OEM) vulnerabilities
2024-08-12 00:00:00
Linux kernel vulnerabilities
2024-08-13 00:00:00

AI Score

6.7

Confidence

Low

EPSS

0

Percentile

9.0%

JSON
Related for CVE-2024-36923
debiancve1osv15vulnrichment1cvelist1ubuntucve1redhatcve1nvd1nessus14openvas7ubuntu4