← Volver a CVEs
CVE-2024-41079
MEDIUM5.5
Descripcion
In the Linux kernel, the following vulnerability has been resolved: nvmet: always initialize cqe.result The spec doesn't mandate that the first two double words (aka results) for the command queue entry need to be set to 0 when they are not used (not specified). Though, the target implemention returns 0 for TCP and FC but not for RDMA. Let's make RDMA behave the same and thus explicitly initializing the result field. This prevents leaking any data from the stack.
Detalles CVE
Puntuacion CVSS v3.15.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado7/29/2024
Ultima modificacion11/3/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
linux:linux_kernel
Referencias
https://git.kernel.org/stable/c/0990e8a863645496b9e3f91cfcfd63cd95c80319(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/10967873b80742261527a071954be8b54f0f8e4d(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/30d35b24b7957922f81cfdaa66f2e1b1e9b9aed2(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/cd0c1b8e045a8d2785342b385cb2684d9b48e426(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/0990e8a863645496b9e3f91cfcfd63cd95c80319(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/10967873b80742261527a071954be8b54f0f8e4d(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/30d35b24b7957922f81cfdaa66f2e1b1e9b9aed2(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/cd0c1b8e045a8d2785342b385cb2684d9b48e426(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.