CVE-2024-36020
Description
Important: kernel security update
Description
kernel: i40e: fix vf may be used uninitialized in this function warning
Red Hat statement
To mitigate this issue, prevent the i40e module from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to prevent it from loading automatically.
CVSS v3: 5.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10 | RHSA-2024:5102 | 2024-08-08T00:00:00Z |
| Red Hat Enterprise Linux 8 | kernel-0:4.18.0-553.16.1.el8_10 | RHSA-2024:5101 | 2024-08-08T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | kernel-0:4.18.0-372.113.1.el8_6 | RHSA-2024:4902 | 2024-07-29T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | kernel-0:4.18.0-372.113.1.el8_6 | RHSA-2024:4902 | 2024-07-29T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | kernel-0:4.18.0-372.113.1.el8_6 | RHSA-2024:4902 | 2024-07-29T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Extended Update Support | kernel-0:4.18.0-477.67.1.el8_8 | RHSA-2024:5255 | 2024-08-13T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-427.31.1.el9_4 | RHSA-2024:5363 | 2024-08-15T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Extended Update Support | kernel-0:5.14.0-284.77.1.el9_2 | RHSA-2024:5066 | 2024-08-07T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Extended Update Support | kernel-rt-0:5.14.0-284.77.1.rt14.362.el9_2 | RHSA-2024:5067 | 2024-08-07T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel | Out of support scope |
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope |
| Red Hat Enterprise Linux 9 | kernel-rt | Affected |
Apply commands
```
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt
```
Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 6 | Not affected |
| redhat | Red Hat Enterprise Linux 9 | Affected |
OS impact
Linux kernel Affected 3 releases
| Version | Status | Fixed in |
|---|---|---|
| 6.9 | Affected | - |
| 6.1 | Affected | - |
| - | Affected | 4.19.312 |
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
Debian Mixed 6 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 6.8.9-1 |
| sid | Fixed | 6.8.9-1 |
| forky | Fixed | 6.8.9-1 |
| bullseye | Fixed | 5.10.216-1 |
| bookworm | Fixed | 6.1.85-1 |
| 10.0 | Affected | - |
AlmaLinux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | kernel-doc-5.14.0-427.31.1.el9_4.noarch.rpm |
| 8 | Fixed | kernel-doc-4.18.0-553.16.1.el8_10.noarch.rpm |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
Rocky Linux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
References
- https://access.redhat.com/errata/RHSA-2024:5363
- https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6
- https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0
- https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba
- https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31
- https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a
- https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c
- https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d
- https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://errata.rockylinux.org/RXSA-2024:5101
- https://errata.rockylinux.org/RLSA-2024:5102
- https://errata.rockylinux.org/RLSA-2024:5101
- https://www.suse.com/security/cve/CVE-2024-36020.html
- https://errata.rockylinux.org/RLSA-2024:5363
- https://security-tracker.debian.org/tracker/CVE-2024-36020
- https://access.redhat.com/errata/RHSA-2024:5101
- https://bugzilla.redhat.com/2263879
- https://bugzilla.redhat.com/2265645
- https://bugzilla.redhat.com/2265650
- https://bugzilla.redhat.com/2265797
- https://bugzilla.redhat.com/2266341
- https://bugzilla.redhat.com/2266347
CWEs
CWE-908