Back

CVE-2024-41079

July 29, 2024, 4:21 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Linux kernel

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-07-29
CVE-2024-41079

CVE-2024-41079 details

Published : July 29, 2024, 3:15 p.m.
Last Modified : July 29, 2024, 4:21 p.m.

Description

In the Linux kernel, the following vulnerability has been resolved: nvmet: always initialize cqe.result The spec doesn't mandate that the first two double words (aka results) for the command queue entry need to be set to 0 when they are not used (not specified). Though, the target implemention returns 0 for TCP and FC but not for RDMA. Let's make RDMA behave the same and thus explicitly initializing the result field. This prevents leaking any data from the stack.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://git.kernel.org/stable/c/0990e8a863645496b9e3f91cfcfd63cd95c80319 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/10967873b80742261527a071954be8b54f0f8e4d 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/30d35b24b7957922f81cfdaa66f2e1b1e9b9aed2 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/cd0c1b8e045a8d2785342b385cb2684d9b48e426 416baaa9-dc9f-4396-8d5f-8c081fb06d67
This website uses the NVD API, but is not approved or certified by it.