5.5

CVE-2024-41079

EPSS 0.02%
Published 29.07.2024 15:15:15
Last modified 03.11.2025 22:17:31
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

nvmet: always initialize cqe.result

The spec doesn't mandate that the first two double words (aka results)
for the command queue entry need to be set to 0 when they are not
used (not specified). Though, the target implemention returns 0 for TCP
and FC but not for RDMA.

Let's make RDMA behave the same and thus explicitly initializing the
result field. This prevents leaking any data from the stack.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.1.101

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.42

Linux ≫ Linux Kernel Version >= 6.7 < 6.9.11

Linux ≫ Linux Kernel Version6.10 Updaterc1

Linux ≫ Linux Kernel Version6.10 Updaterc2

Linux ≫ Linux Kernel Version6.10 Updaterc3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.022

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

https://git.kernel.org/stable/c/0990e8a863645496b9e3f91cfcfd63cd95c80319

Patch

https://git.kernel.org/stable/c/10967873b80742261527a071954be8b54f0f8e4d

Patch

https://git.kernel.org/stable/c/30d35b24b7957922f81cfdaa66f2e1b1e9b9aed2

Patch

https://git.kernel.org/stable/c/cd0c1b8e045a8d2785342b385cb2684d9b48e426

Patch

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

https://nvd.nist.gov/vuln/detail/CVE-2024-41079

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-41079

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-41079

EUVD