vulnerability

Debian: CVE-2024-41079: linux, linux-6.1 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	Jul 29, 2024	Sep 2, 2024	Oct 10, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Jul 29, 2024

Added

Sep 2, 2024

Modified

Oct 10, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

nvmet: always initialize cqe.result

The spec doesn't mandate that the first two double words (aka results)
for the command queue entry need to be set to 0 when they are not
used (not specified). Though, the target implemention returns 0 for TCP
and FC but not for RDMA.

Let's make RDMA behave the same and thus explicitly initializing the
result field. This prevents leaking any data from the stack.

Solutions

debian-upgrade-linuxdebian-upgrade-linux-6-1no-fix-debian-deb-package

References

CVE-2024-41079
https://attackerkb.com/topics/CVE-2024-41079
DEBIAN-DLA-4008-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today