CVE-2024-42162

EPSS 0.02%
Veröffentlicht 30.07.2024 08:15:07
Zuletzt bearbeitet 21.11.2024 09:33:43
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

gve: Account for stopped queues when reading NIC stats

We now account for the fact that the NIC might send us stats for a
subset of queues. Without this change, gve_get_ethtool_stats might make
an invalid access on the priv->stats_report->stats array.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.3 <= 6.9.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.052

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://git.kernel.org/stable/c/32675d828c8a392e20d5b42375ed112c407e4b62

Patch

https://git.kernel.org/stable/c/af9bcf910b1f86244f39e15e701b2dc564b469a6

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-42162

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-42162

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-42162

EUVD