5.5
CVE-2024-27431
- EPSS 0.02%
- Published 17.05.2024 12:15:16
- Last modified 21.11.2024 09:04:35
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

cpumap: Zero-initialise xdp_rxq_info struct before running XDP program

When running an XDP program that is attached to a cpumap entry, we don't initialise the xdp_rxq_info data structure being used in the xdp_buff that backs the XDP program invocation. Tobias noticed that this leads to random values being returned as the xdp_md->rx_queue_index value for XDP programs running in a cpumap. This means we're basically returning the contents of the uninitialised memory, which is bad.

Fix this by zero-initialising the rxq data structure before running the XDP program.
Data is provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)
Vendor | Product | Default Status | Version | Status |
---|---|---|---|---|
linux | linux_kernel | unknown | 9216477449f3 | affected |
linux | linux_kernel | unknown | 5.9 | affected |
linux | linux_kernel | unknown | 0 | unaffected |
linux | linux_kernel | unknown | 5.10.213 | unaffected |
linux | linux_kernel | unknown | 5.15.152 | unaffected |
linux | linux_kernel | unknown | 6.1.82 | unaffected |
linux | linux_kernel | unknown | 6.6.22 | unaffected |
linux | linux_kernel | unknown | 6.7.10 | unaffected |
linux | linux_kernel | unknown | 6.8 | unaffected |
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.02% | 0.019 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.