CVE-2024-36975

June 18, 2024, 8:15 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Do not use WARN when encode fails When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information.

Product(s) Impacted

Product Versions
Linux kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/050bf3c793a07f96bd1e2fd62e1447f731ed733b
https://git.kernel.org/stable/c/1c652e1e10676f942149052d9329b8bf2703529a
https://git.kernel.org/stable/c/681935009fec3fc22af97ee312d4a24ccf3cf087
https://git.kernel.org/stable/c/96f650995c70237b061b497c66755e32908f8972
https://git.kernel.org/stable/c/d32c6e09f7c4bec3ebc4941323f0aa6366bc1487
https://git.kernel.org/stable/c/ff91cc12faf798f573dab2abc976c1d5b1862fea

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-06-18
CVE-2024-36975

Timeline

Published: June 18, 2024, 8:15 p.m.
Last Modified: June 18, 2024, 8:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.