5.5

CVE-2024-36923

EPSS 0.01%
Published 30.05.2024 16:15:15
Last modified 03.11.2025 22:17:00
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

fs/9p: fix uninitialized values during inode evict

If an iget fails due to not being able to retrieve information
from the server then the inode structure is only partially
initialized.  When the inode gets evicted, references to
uninitialized structures (like fscache cookies) were being
made.

This patch checks for a bad_inode before doing anything other
than clearing the inode from the cache.  Since the inode is
bad, it shouldn't have any state associated with it that needs
to be written back (and there really isn't a way to complete
those anyways).

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.1.119

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.63

Linux ≫ Linux Kernel Version >= 6.7 < 6.8.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.012

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/18cf7026355187b8d2b4cdfed61dbf873e9d29ff

Patch

https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd

Patch

https://git.kernel.org/stable/c/3a741b80b3457f079cf637e47800fb7bf8038ad6

Patch

https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d

Patch

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

https://nvd.nist.gov/vuln/detail/CVE-2024-36923

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-36923

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-36923

EUVD