Vulnerability Details CVE-2024-41052
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Init the count variable in collecting hot-reset devices
The count variable is used without initialization, it results in mistakes
in the device counting and crashes the userspace if the get hot reset info
path is triggered.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.7%
CVSS Severity
CVSS v3 Score 5.5
References
- https://git.kernel.org/stable/c/5a88a3f67e37e39f933b38ebb4985ba5822e9eca
- https://git.kernel.org/stable/c/f44136b9652291ac1fc39ca67c053ac624d0d11b
- https://git.kernel.org/stable/c/f476dffc52ea70745dcabf63288e770e50ac9ab3
- https://git.kernel.org/stable/c/5a88a3f67e37e39f933b38ebb4985ba5822e9eca
- https://git.kernel.org/stable/c/f44136b9652291ac1fc39ca67c053ac624d0d11b
- https://git.kernel.org/stable/c/f476dffc52ea70745dcabf63288e770e50ac9ab3
Products affected by CVE-2024-41052
-
cpe:2.3:o:linux:linux_kernel:6.6.36
-
cpe:2.3:o:linux:linux_kernel:6.6.37
-
cpe:2.3:o:linux:linux_kernel:6.6.38
-
cpe:2.3:o:linux:linux_kernel:6.6.39
-
cpe:2.3:o:linux:linux_kernel:6.6.40
-
cpe:2.3:o:linux:linux_kernel:6.9.7
-
cpe:2.3:o:linux:linux_kernel:6.9.8
-
cpe:2.3:o:linux:linux_kernel:6.9.9