Executive Summary

Informations
Name CVE-2024-41079 First vendor Publication 2024-07-29
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

nvmet: always initialize cqe.result

The spec doesn't mandate that the first two double words (aka results) for the command queue entry need to be set to 0 when they are not used (not specified). Though, the target implemention returns 0 for TCP and FC but not for RDMA.

Let's make RDMA behave the same and thus explicitly initializing the result field. This prevents leaking any data from the stack.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41079

Sources (Detail)

https://git.kernel.org/stable/c/0990e8a863645496b9e3f91cfcfd63cd95c80319
https://git.kernel.org/stable/c/10967873b80742261527a071954be8b54f0f8e4d
https://git.kernel.org/stable/c/30d35b24b7957922f81cfdaa66f2e1b1e9b9aed2
https://git.kernel.org/stable/c/cd0c1b8e045a8d2785342b385cb2684d9b48e426
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2024-11-25 09:23:25
  • Multiple Updates
2024-07-29 21:27:27
  • First insertion