Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2024-36020: ELSA-2024-5101: kernel security update (IMPORTANT) (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Oracle Linux: CVE-2024-36020: ELSA-2024-5101: kernel security update (IMPORTANT) (Multiple Advisories)

Severity
5
CVSS
(AV:N/AC:H/Au:S/C:N/I:N/A:C)
Published
05/30/2024
Created
08/20/2024
Added
10/16/2024
Modified
10/17/2024

Description

In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the information is the root cause. In this function before the fix bumping v didn't mean bumping vf pointer. But the code used this variables interchangeably, so stale vf could point to different/not intended vf. Remove redundant "v" variable and iterate via single VF pointer across whole function instead to guarantee VF pointer validity. A flaw was found in the Linux kernel’s Ethernet Controller XL710 family driver. This flaw allows a local user to crash the system.

Solution(s)

  • oracle-linux-upgrade-kernel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;