7.1

CVE-2024-46865

fou: fix initialization of grc

In the Linux kernel, the following vulnerability has been resolved:

fou: fix initialization of grc

The grc must be initialize first. There can be a condition where if
fou is NULL, goto out will be executed and grc would be used
uninitialized.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version5.10.226
LinuxLinux Kernel Version5.15.167
LinuxLinux Kernel Version6.1.110
LinuxLinux Kernel Version6.6.51
LinuxLinux Kernel Version6.10.10
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.131
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/16ff0895283058b0f96d4fe277aa25ee096f0ea8
https://git.kernel.org/stable/c/392f6a97fcbecc64f0c00058b2db5bb0e4b8cc3e
https://git.kernel.org/stable/c/4c8002277167125078e6b9b90137bdf443ebaa08
Patch
https://git.kernel.org/stable/c/5d537b8d900514509622ce92330b70d2e581d409
Patch
https://git.kernel.org/stable/c/7ae890ee19479eeeb87724cca8430b5cb3660c74
Patch
https://git.kernel.org/stable/c/aca06c617c83295f0caa486ad608fbef7bdc11e8
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html