CVE-2024-41052

Summary

In the Linux kernel, the following vulnerability has been resolved:

vfio/pci: Init the count variable in collecting hot-reset devices

The count variable is used without initialization, it results in mistakes in the device counting and crashes the userspace if the get hot reset info path is triggered.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux618fbf4c910a06a3aa6a8b88a5fb1f2197f964f3 < f476dffc52ea70745dcabf63288e770e50ac9ab3affected
LinuxLinux9313244c26f3792daa86f3a18cc3bd5ad60310e0 < f44136b9652291ac1fc39ca67c053ac624d0d11baffected
LinuxLinuxf6944d4a0b87c16bc34ae589169e1ded3d4db08e < 5a88a3f67e37e39f933b38ebb4985ba5822e9ecaaffected
LinuxLinux6.6.36 < 6.6.41affected
LinuxLinux6.9.7 < 6.9.10affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References