Lucene search

416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-41052

HistoryJul 29, 2024 - 3:15 p.m.

CVE-2024-41052

2024-07-2915:15:13

CWE-908

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

vulnerability

cve-2024-41052

vfio/pci

hot reset

device counting

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

vfio/pci: Init the count variable in collecting hot-reset devices

The count variable is used without initialization, it results in mistakes
in the device counting and crashes the userspace if the get hot reset info
path is triggered.

Affected configurations

Nvd

Node

linuxlinux_kernelRange6.6.36–6.6.41

linuxlinux_kernelRange6.9.7–6.9.10

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

git.kernel.org/stable/c/5a88a3f67e37e39f933b38ebb4985ba5822e9eca

git.kernel.org/stable/c/f44136b9652291ac1fc39ca67c053ac624d0d11b

git.kernel.org/stable/c/f476dffc52ea70745dcabf63288e770e50ac9ab3

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.0%

JSON

Related for NVD:CVE-2024-41052